Date: Mon, 31 Jan 2000 16:57:40 -0500 From: Mitch Collinsworth <mkc@Graphics.Cornell.EDU> To: nathan <beemern@ksu.edu> Cc: "freebsd-questions@FreeBSD.ORG" <freebsd-questions@FreeBSD.ORG> Subject: Re: berkeley packet filter doesn't work?? Message-ID: <200001312157.QAA80811@benge.graphics.cornell.edu> In-Reply-To: Message from nathan <beemern@ksu.edu> of "Mon, 31 Jan 2000 15:47:04 CST." <389602D8.AFD9506F@ksu.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
>so would this then imply that our internal traffic is safe from external >hacking? > >example--> a user logs into our mail server here. authenticates in clear >text and gets mail. > >so that communication could NOT be intercepted then in ANY way from outside >the switch?? Well he said that was the point of switches, but in fact they are not all perfect. Sometimes they have been observed sending packets down a wire other than the one where the destination MAC is at. Most likely the uplink leg from your switch goes to a L3 router, which will not be passing internal traffic out or external traffic in. But I woudn't use this as an argument that clear-text passwords are therefore safe. What happens if one of your users goes home and connects to your POP server to get his mail from there? If he's, say on a cable modem, it's probably a broadcast LAN and his neighbor can snoop his clear-text password as it goes by... Or say a cracker breaks into your POP server. He could collect all the clear-text passwords as they come in. There are lots of reasons not to use clear-text passwords. Your L2 switch only solves one of them. -Mitch To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200001312157.QAA80811>