RE: Why can I see other traffic at switch environment just tcpdump?

From: Rob Shein (shotenat_private)
Date: Wed Oct 09 2002 - 07:38:53 PDT

Next message: Neil Dickey: "Re: Forensics CD (was: Re: Strange Folder"

Previous message: oliver.biermannat_private: "Antwort: Re: Forensics CD (was: Re: Strange Folder"
In reply to: Kelly Martin: "Re: Why can I see other traffic at switch environment just tcpdump?"
Next in thread: Darryl Luff: "Re: Why can I see other traffic at switch environment just tcpdump?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> 
> Switches should not be relied on as a security mechanism 
> unless the switch specifically has (and has been configured 
> to use) port security by the use of static assignment of MAC 
> addresses to ports.
> 
> Kelly

Which, I'd like to point out (before anyone tries this in a real
environment) is a nightmare and a disaster waiting to happen.  No matter
how clearly you may remember doing this, it's a sure-fire bet that at
some point a machine will be moved or replaced (or, for that matter,
just its NIC), and the person doing it won't know why networking doesn't
work.


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Neil Dickey: "Re: Forensics CD (was: Re: Strange Folder"
Previous message: oliver.biermannat_private: "Antwort: Re: Forensics CD (was: Re: Strange Folder"
In reply to: Kelly Martin: "Re: Why can I see other traffic at switch environment just tcpdump?"
Next in thread: Darryl Luff: "Re: Why can I see other traffic at switch environment just tcpdump?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Oct 09 2002 - 15:30:30 PDT