On Mar 25, 2007, at 12:21 PM, J.C. Roberts wrote:

On Sunday 25 March 2007 08:41, Jason Dixon wrote:
On Mar 25, 2007, at 11:24 AM, bofh wrote:
On 3/25/07, Jason Dixon <[EMAIL PROTECTED]> wrote:
Disabling DTP, which should be done anyways, will prevent VLAN
hopping.  I'm not sure what "arp-based thing" you're referring to
that wasn't fixed 5-6 years ago.  Perhaps you're referring to arp
spoofing, which has nothing to do with VLANs.  Please clarify.

My point was that there may be future vulnerabilities, and it may
be a good idea to keep that in mind for the original poster's
designs.

There may also be future vulnerabilities in physical ethernet.  Guess
you'd better unplug now!  ;-)

Future? -Nope. It's been already done.

http://www.wired.com/news/technology/0,70619-0.html
http://www.wired.com/news/technology/1,70908-0.html

Though the example is not formally "ethernet," physical access to the
"tubes" still means you should consider yourself 0wnd.

But bofh is kinda right, arp-cache poisoning (possibly the "thing" he
was talking about?) is really very interesting.

The topic was in regards to VLAN security. Arp-cache poisoning, or spoofing (as I already mentioned), has nothing to do with VLANs. Unless either of you has anything relevant to add with regards to the OP's question about single-homed routing, I suggest we move on.

Thanks,

--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net