Re: Q on external router

From: Bernhard Schneck (Bernhard_Schneckat_private)
Date: Wed Apr 22 1998 - 12:31:59 PDT


    In message <Pine.SUN.3.95.980422171232.27846D-100000at_private> you write:
     > After posting my question, I searched the archive at nfr.net and the
     > argument by "Adam Shostack" against a switch in the DMZ was not that it
     > cannot prevent sniffing but rather, it may not stand malicious attack.
     > However, he did not quote any concrete evidence or example because these
     > are relatively new.
    
    Switches have finite storage for ARP entries (usually some power of
    2, say 4096 or 8192).  Flood them with enough (bogus) ARPs and most
    of them will start passing all packets.
    
    POOF.
    
    \Bernhard.
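
Added example, not part of the original message: a toy Python model of a learning switch with a fixed-size address table, showing the fail-open flooding described in the reply and how a per-port learning cap contains it. The table size, the addresses and the `per_port_limit` setting (modelled on port-security style features) are constructed assumptions, and ageing of entries is not modelled.

```python
HOST_A = "02:aa:00:00:00:01"   # constructed address, attached to port 1
HOST_B = "02:aa:00:00:00:02"   # constructed address, attached to port 2
BROADCAST = "ff:ff:ff:ff:ff:ff"

class LearningSwitch:
    def __init__(self, ports, table_size, per_port_limit=None):
        self.ports = list(ports)
        self.table_size = table_size          # finite storage, as in the reply
        self.per_port_limit = per_port_limit  # hypothetical per-port learning cap
        self.table = {}                       # source address -> port
        self.violations = {p: 0 for p in self.ports}

    def _learn(self, src, port):
        if src in self.table:
            return
        if self.per_port_limit is not None:
            learned = sum(1 for p in self.table.values() if p == port)
            if learned >= self.per_port_limit:
                self.violations[port] += 1    # countable signal for monitoring
                return
        if len(self.table) < self.table_size:
            self.table[src] = port            # silently dropped when table is full

    def forward(self, src, dst, in_port):
        """Return the list of ports the frame is sent out of."""
        self._learn(src, in_port)
        out = self.table.get(dst)
        if out is not None:
            return [out] if out != in_port else []
        # Unknown destination: the switch behaves like a hub for this frame.
        return [p for p in self.ports if p != in_port]

def run(per_port_limit):
    """Port 3 presents many source addresses, then A on port 1 sends to B."""
    sw = LearningSwitch([1, 2, 3], table_size=8, per_port_limit=per_port_limit)
    for i in range(20):                       # constructed noisy-port traffic
        sw.forward(f"02:00:00:00:00:{i:02x}", BROADCAST, 3)
    sw.forward(HOST_B, HOST_A, 2)             # B transmits, so it can be learned
    egress = sw.forward(HOST_A, HOST_B, 1)    # where does A -> B end up?
    return egress, sw.violations[3]

if __name__ == "__main__":
    print("no cap:      egress, violations =", run(None))
    print("cap 2/port:  egress, violations =", run(2))
```

Without the cap, the A to B frame also leaves port 3 because B could never be learned; with the cap, it leaves port 2 only and the refused learns on port 3 show up as a violation count.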
    


