Re: Security hazard?? [7:45731]

2002-06-04 Thread Craig Columbus
Do I understand you correctly that your 6808s have both internal (secure) and external (unsecure) traffic on them, separated only by VLAN? At 09:30 PM 6/3/2002 -0400, you wrote: All, We have two 3640's and two Extreme Black Diamond 6808's (aka 6509's). The two 3640's are doing IBGP between

RE: Security hazard?? [7:45731]

2002-06-04 Thread Robert A. McIntire
LANs? HTH, Bob McIntire -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Craig Columbus Sent: Tuesday, June 04, 2002 9:42 AM To: [EMAIL PROTECTED] Subject: Re: Security hazard?? [7:45731] Do I understand you correctly that your 6808s have

RE: Security hazard?? [7:45731]

2002-06-04 Thread Peter van Oene
: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Craig Columbus Sent: Tuesday, June 04, 2002 9:42 AM To: [EMAIL PROTECTED] Subject: Re: Security hazard?? [7:45731] Do I understand you correctly that your 6808s have both internal (secure) and external (unsecure) traffic on them, separated

RE: Security hazard?? [7:45731]

2002-06-04 Thread Eric Rivard
PROTECTED] Subject: RE: Security hazard?? [7:45731] Assuming the untrusted VLAN offers no IP connectivity to its control engine (i.e. the routed aspects are not reachable therein) what vulnerabilities exist here? With no routing on the VLAN, I'm not exactly sure how one gets from untrusted

RE: Security hazard?? [7:45731]

2002-06-04 Thread Peter van Oene
info: http://www.sans.org/newlook/resources/IDFAQ/vlan.htm -Original Message- From: Peter van Oene [mailto:[EMAIL PROTECTED]] Sent: Tuesday, June 04, 2002 8:41 AM To: [EMAIL PROTECTED] Subject: RE: Security hazard?? [7:45731] Assuming the untrusted VLAN offers no IP connectivity to its

RE: Security hazard?? [7:45731]

2002-06-04 Thread Priscilla Oppenheimer
PROTECTED]] Sent: Tuesday, June 04, 2002 8:41 AM To: [EMAIL PROTECTED] Subject: RE: Security hazard?? [7:45731] Assuming the untrusted VLAN offers no IP connectivity to its control engine (i.e. the routed aspects are not reachable therein) what vulnerabilities exist here? With no routing

RE: Security hazard?? [7:45731]

2002-06-04 Thread Rik Guyler
1:18 PM To: [EMAIL PROTECTED] Subject: RE: Security hazard?? [7:45731] Interesting indeed. I hadn't seen that before. This is obviously an architecturally flawed implementation. Ideally, the CAM (MAC) table should be fully isolated to prevent unwanted forwarding and ports not considered

RE: Security hazard?? [7:45731]

2002-06-04 Thread Priscilla Oppenheimer
: Peter van Oene [mailto:[EMAIL PROTECTED]] Sent: Tuesday, June 04, 2002 8:41 AM To: [EMAIL PROTECTED] Subject: RE: Security hazard?? [7:45731] Assuming the untrusted VLAN offers no IP connectivity to its control engine (i.e. the routed aspects are not reachable therein) what

RE: Security hazard?? [7:45731]

2002-06-04 Thread Eric Rivard
: Peter van Oene [mailto:[EMAIL PROTECTED]] Sent: Tuesday, June 04, 2002 8:41 AM To: [EMAIL PROTECTED] Subject: RE: Security hazard?? [7:45731] Assuming the untrusted VLAN offers no IP connectivity to its control engine (i.e. the routed aspects are not reachable therein) what vulnerabilities

RE: Security hazard?? [7:45731]

2002-06-04 Thread Priscilla Oppenheimer
for more info: http://www.sans.org/newlook/resources/IDFAQ/vlan.htm -Original Message- From: Peter van Oene [mailto:[EMAIL PROTECTED]] Sent: Tuesday, June 04, 2002 8:41 AM To: [EMAIL PROTECTED] Subject: RE: Security hazard?? [7:45731] Assuming the untrusted VLAN offers no IP

RE: Security hazard?? [7:45731]

2002-06-04 Thread Ben Woltz
I've seen some of Cisco's private VLAN setup. The way I've seen it implemented is on a DMZ switch. Say you have 3 servers on your DMZ, web, mail, and ftp. If each of those servers is plugged into a different port on the same switch and on the same network, you can configure each of them to be

Re: Security hazard?? [7:45731]

2002-06-03 Thread [EMAIL PROTECTED]
Could you explain this a bit more? I too just implemented a network somewhat like this. I had 2 7206VXRs each connected to 1 PIX 535 each which were then connected to 2 6509s with IDS. All running 1000FX. In my current implementation of the same network I have replaced the 7206VXRs and