On Thu, 23 Apr 1998 03:25:14 -0400 (EDT), Adam Shostack <adamat_private> wrote:
>Vinci Chou wrote:
>| I am wondering if any one can share his/her experience of using a switch
>| in the DMZ.
> Do not rely on switches because switches are not designed for
>security.

Whilst I don't use switches in a DMZ, I do have a datapoint from an
internal system I administer. I once took some measurements and found
that 2.2% of the packets received by a machine on its own switchport
were unicast packets not intended for it (based on 9 1/2 hours of
measurements, capturing just over 4e6 packets).

Since I was looking at performance, rather than security, I didn't
bother examining the unexpected packets in detail.

Peter
--
Peter Jeremy (VK2PJ) peter.jeremyat_private
Alcatel Australia Limited
41 Mandible St Phone: +61 2 9690 5019
ALEXANDRIA NSW 2015 Fax: +61 2 9690 5247
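
A sketch of how the measurement described above could be reproduced from a capture (an added example, not part of the original post): it classifies raw Ethernet frames by destination address and reports the share that are unicast to some other station. The function names, the MAC addresses and the sample frames are constructed for illustration, and the frames are assumed to come from a promiscuous-mode capture on the host's own switch port.

```python
from collections import Counter

BROADCAST = b"\xff" * 6

def mac(text):
    """Convert 'aa:bb:cc:dd:ee:ff' to 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))

def classify(frame, own_mac):
    """Classify one raw Ethernet frame by its destination address."""
    if len(frame) < 14:            # too short to hold an Ethernet header
        return "truncated"
    dst = frame[:6]
    if dst == BROADCAST:
        return "broadcast"
    if dst[0] & 0x01:              # I/G bit set: group (multicast) address
        return "multicast"
    return "own" if dst == own_mac else "foreign_unicast"

def leak_report(frames, own_mac):
    """Return (counts per class, leaked destination MACs, leak percentage)."""
    counts, leaked_dsts = Counter(), Counter()
    for frame in frames:
        kind = classify(frame, own_mac)
        counts[kind] += 1
        if kind == "foreign_unicast":
            # Record whose traffic the switch delivered to this port.
            leaked_dsts[frame[:6].hex(":")] += 1
    total = sum(counts.values()) - counts["truncated"]
    pct = 100.0 * counts["foreign_unicast"] / total if total else 0.0
    return counts, leaked_dsts, pct

def frame(dst, src):
    """Build a constructed minimum-size IPv4-typed frame with empty payload."""
    return mac(dst) + mac(src) + b"\x08\x00" + b"\x00" * 46

# Constructed sample input (locally administered addresses, not real hosts).
OWN = mac("02:00:00:00:00:01")
SAMPLE = (
    [frame("02:00:00:00:00:01", "02:00:00:00:00:02")] * 6    # addressed to us
    + [frame("ff:ff:ff:ff:ff:ff", "02:00:00:00:00:02")]      # broadcast
    + [frame("01:00:5e:00:00:01", "02:00:00:00:00:02")]      # multicast
    + [frame("02:00:00:00:00:09", "02:00:00:00:00:02")] * 2  # someone else's
    + [b"\x02\x00"]                                           # truncated frame
)

if __name__ == "__main__":
    counts, leaked, pct = leak_report(SAMPLE, OWN)
    print(dict(counts), dict(leaked), f"{pct:.1f}% foreign unicast")
```

Broadcast and multicast frames are counted separately because a switch is expected to deliver them to every port; only the `foreign_unicast` class corresponds to the unexpected packets in the measurement.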