----- Original Message -----
From: "Andrew Pantyukhin" <[EMAIL PROTECTED]>
To: "Ted Mittelstaedt" <[EMAIL PROTECTED]>
Cc: "Dan Mahoney, System Admin" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Thursday, January 18, 2007 12:25 AM
Subject: Re: Transport Mode IPSEC

> On 1/18/07, Ted Mittelstaedt <[EMAIL PROTECTED]> wrote:
> > Dan,
> >
> > You do realize, don't you, that since both of these hosts are on a switch,
> > and are using unicast traffic to communicate with each other, that they
> > cannot be sniffed, don't you?
> >
> > You might read up on ethernet switching technology a bit before
> > answering that.
>
> I'm sorry to be the one to make this remark but it's
> you who needs to read a bit to learn (a) how to sniff
> traffic off most Ethernet switches from D-Link to
> Cisco; (b) what other security risks unprotected NFSv3
> shares pose.

Yeah, sure, I've heard that one before. Why don't you go ahead and elaborate one of your favorite theoretical attacks out of one of those books that "proves" that an attacker can "sniff most switches" so I can have the fun of knocking it down with real-world hardware implementations that you can actually buy and use right now.

Don't be a fool. Ethernet switch manufacturers aren't stupid and have read the same stuff you're citing. They combat them 2 ways. The first is used on the expensive switches and it's called filtering, and allows switch manufacturer salespeople to have something to dog and pony. The second is used on the cheapo switches and it's called using a wussy CPU on the switch, so that the second you try attacking the switch with one of your fancy attacks to sniff it, the switch just rolls over and dies, passing so few packets that every connection through it loses tremendous numbers of packets, and hell breaks loose as all users start screaming. Been there, done that.

Those work just dandy in the lab and in your CCIE class with 3 hosts set up for the purpose of demonstrating the attacks. But try it on a production network some day and the side effects will kill you.

Ted

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"