At 11/15/2001 03:46 PM, Bernd Eckenfels wrote:
On Wed, Nov 14, 2001 at 12:52:29AM -0800, [EMAIL PROTECTED] wrote:
> All very true, but it does nothing to effect the topology change we
> want, where a single large DMZ subnet becomes *instead* a bunch of
> small subnets with firewall filtering between them.
My understanding from a guy I talked to is that Cisco switches not only
support MAC/IP locking (on ports) (which will reduce IP spoofing in the DMZ) but
also a secure mode where all ports of a switch can only talk to one named
upstream port. Since I normally use 3Com here, I don't know if that is true.
Greetings
Bernd
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
--
Gregg Rosenberg - N9NNO RICIS, Inc.
Chief Technology Officer 708-444-2690 Voice
[EMAIL PROTECTED] 708-444-2697 Fax
http://www.ricis.com - 866-RICIS-77 Toll Free
"When you love the work you do, you will never work a day in your life."
Support anti-Spam legislation. Join the fight at www.cauce.org
