Mikael Olsson wrote:
>
> If you can set up static tree entries in the switch: yes.
> Otherwise, you'd still be able to get the switch to pass data
> to the sniffing device. Although here you wouldn't be relying
> on ARP spoofing but rather spamming the switch to get it to
> send a large percentage of packets your way. (Fooling the switch
> into believing that the hardware address in question is actually
> connected to the port where the sniffing machine is).
FYI. One way of monitoring this is to watch the switch's buffer
statistics using SNMP and/or setting the switch to issue an
SNMP trap on buffer full assuming the switch has such capability.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
