Re: False security in switches and a little more Rconsole.

From: Peter Jeremy (peter.jeremyat_private)
Date: Tue Oct 13 1998 - 14:28:47 PDT


    Chris Zagar <zagarat_private> wrote:
    >> Ok, here's a very simple solution:  Buy a switch.
    >
    >Actually, switches do help, but they also run the risk of people actually
    >believing that their switched connections are private, lulling you into a
    >false sense of security.
    
    [Description of port monitoring facilities deleted]
    
    And quite apart from the documented and intentional port monitoring
    facilities, the switch may leak packets.
    
    I have a number of systems attached via switch ports to our backbone
    (for traffic purposes).  Last year I took some traffic samples from a
    machine connected to one brand of switch.  I recently repeated the
    test with a different brand of switch.  In both cases, there were
    about 2 packets per second (around 2% of the segment traffic) that
    were unicast, and not intended for the machine that received them.
    
    Moral: Don't rely on your switch for security.
    
    Peter
    --
    Peter Jeremy (VK2PJ)                    peter.jeremyat_private
    Alcatel Australia Limited
    41 Mandible St                          Phone: +61 2 9690 5019
    ALEXANDRIA  NSW  2015                   Fax:   +61 2 9690 5247
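
The measurement described in the message above can be repeated on a capture taken from a switched port. The following is an added example, not part of the original post: it assumes a classic pcap file with Ethernet framing, and the MAC addresses and sample capture are constructed for illustration.

```python
import struct

def leaked_unicast(pcap: bytes, own_macs: set):
    """Return (frames_seen, leaked), where leaked lists unicast frames
    addressed to a MAC that is not one of this host's own."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"
    else:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    off, seen, leaked = 24, 0, []
    while off + 16 <= len(pcap):
        ts_sec, _usec, incl, _orig = struct.unpack(end + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < 14:          # truncated record, no full Ethernet header
            continue
        seen += 1
        dst, src = frame[:6], frame[6:12]
        group = dst[0] & 0x01        # I/G bit set: broadcast or multicast
        if not group and dst not in own_macs:
            leaked.append((ts_sec, src.hex(":"), dst.hex(":")))
    return seen, leaked

# Constructed sample capture (not data from the post): five frames seen by host A.
A, B, C = (bytes.fromhex("0200000000%02x" % n) for n in (1, 2, 3))
BCAST, MCAST = b"\xff" * 6, bytes.fromhex("01005e000001")

def _pcap(frames):
    # Build a little-endian pcap: 24-byte global header, then 16-byte record headers.
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, (dst, src) in enumerate(frames):
        f = dst + src + b"\x08\x00" + bytes(46)
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out

SAMPLE = _pcap([(A, B), (BCAST, B), (MCAST, C), (C, B), (A, C)])

if __name__ == "__main__":
    seen, leaked = leaked_unicast(SAMPLE, {A})
    print(f"{len(leaked)} of {seen} frames were unicast for another host")
    for ts, src, dst in leaked:
        print(ts, src, "->", dst)
```

The capturing interface has to be in promiscuous mode, otherwise the NIC discards frames for other addresses before they reach the capture.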
    


