Date:      Wed, 3 Feb 1999 19:35:23 -0800
From:      "Jan B. Koum " <jkb@best.com>
To:        Peter Jeremy <peter.jeremy@auss2.alcatel.com.au>, robert+freebsd@cyrus.watson.org
Cc:        security@FreeBSD.ORG
Subject:   Re: tcpdump
Message-ID:  <19990203193523.A13011@best.com>
In-Reply-To: <99Feb4.124301est.40344@border.alcanet.com.au>; from Peter Jeremy on Thu, Feb 04, 1999 at 12:52:54PM +1100
References:  <99Feb4.124301est.40344@border.alcanet.com.au>

On Thu, Feb 04, 1999 at 12:52:54PM +1100, Peter Jeremy <peter.jeremy@auss2.alcatel.com.au> wrote:
> Robert Watson <robert@cyrus.watson.org> wrote:
> >Keep in mind also that ethernet-layer switching doesn't protect against
> >IP-layer spoofing and sniffing.
> 
> In my experience, switches tend to leak packets anyway: On a switched
> segment, I regularly see unicast packets intended for other ports - in
> one test, I found around 2% of the packets were leakage.  This is
> likely to be highly variable depending on the particular switch,
> switch firmware and network load.  [I originally found this by accident,
> but since then, I have checked a couple of different switches and
> firmware versions with similar results each time.]
> 
> Basically, don't rely on a MAC-level switch to provide security. They
> are generally designed to enhance performance (by getting unnecessary
> traffic off the wire), rather than security.
> 
> Peter
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

	This is normal, I think.

	This is because switches need to learn about MAC addresses
	and they don't keep the MAC-to-Switch_Port table forever in
	memory. Every time they don't know where to send a
	frame, they will send it to every port and see from which
	port an answer comes back. Then they update the table entry.

-- Yan
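
The learn-and-age behaviour described in this message, as an added simulation that is not part of the original e-mail: it counts how many unicast frames reach a third port because the destination's table entry was missing or had expired. The MAC addresses, port numbers, traffic and the 300-second aging time are all constructed assumptions.

```python
class LearningSwitch:
    """Minimal model of a MAC-learning switch whose table entries age out."""

    def __init__(self, ports, max_age):
        self.ports = list(ports)
        self.max_age = max_age   # seconds an entry survives without a refresh
        self.table = {}          # MAC -> (port, time last seen as a source)

    def forward(self, now, in_port, src, dst):
        """Learn the source address, then return the ports the frame goes out of."""
        self.table[src] = (in_port, now)
        entry = self.table.get(dst)
        if entry and now - entry[1] <= self.max_age:
            return [entry[0]] if entry[0] != in_port else []
        self.table.pop(dst, None)  # never learned, or aged out
        # Unknown unicast: flood to every port except the one it arrived on.
        return [p for p in self.ports if p != in_port]


def leaked_frames(switch, frames, host_port, observer_port):
    """Count frames delivered to observer_port that were addressed to another host."""
    leaked = 0
    for now, in_port, src, dst in frames:
        out = switch.forward(now, in_port, src, dst)
        if observer_port in out and host_port.get(dst) != observer_port:
            leaked += 1
    return leaked


# Constructed sample: host A on port 1, host B on port 2, observer on port 3.
A, B = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
HOST_PORT = {A: 1, B: 2}
FRAMES = [            # (time in seconds, ingress port, source MAC, destination MAC)
    (0, 1, A, B),     # B not learned yet         -> flooded
    (1, 2, B, A),     # B is learned on port 2
    (2, 1, A, B),
    (3, 1, A, B),
    (400, 1, A, B),   # B silent for > 300 s      -> entry expired, flooded
    (401, 1, A, B),   # B still has not answered  -> flooded again
    (402, 2, B, A),   # B is re-learned
    (403, 1, A, B),
]


def run_demo():
    switch = LearningSwitch(ports=[1, 2, 3], max_age=300)
    return leaked_frames(switch, FRAMES, HOST_PORT, observer_port=3)


if __name__ == "__main__":
    print(f"{run_demo()} of {len(FRAMES)} unicast frames reached the observer port")
```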
