From owner-freebsd-security Fri Aug 20 12:47:37 1999
Date: Fri, 20 Aug 1999 14:45:03 -0500 (CDT)
From: Chris Malayter
To: jay d
Cc: "Rodney W. Grimes", Evren Yurtesen, freebsd-security@FreeBSD.ORG
Subject: Re: multiple machines in the same network
In-Reply-To: <19990820194238.29331.rocketmail@web601.yahoomail.com>

Too late? :) Spill the scoop.

Chris Malayter
Mustang@TeraHertz.Net
-------------------------------------------------------------------------
Administrator, TeraHertz Communications | InterNIC CM3647
Chief Engineer - 95.1 WVUR - Valparaiso, Indiana
-------------------------------------------------------------------------
"Behavior is hard to change...but character is nearly impossible"

On Fri, 20 Aug 1999, jay d wrote:

> current project >:) I probably shouldn't have said that.
>
> jay
>
> --- Chris Malayter wrote:
> > Care to elaborate on that? I'm in a colocated facility with multiple
> > boxes that I am sure are root compromised, if in fact you can sniff on a
> > switched network, I'd like to know how you protect yourself against that?
> >
> > Chris Malayter
> > Mustang@TeraHertz.Net
> >
> > On Fri, 20 Aug 1999, jay d wrote:
> >
> > > What you really want is a VLAN capable switch. VLAN switches simply
> > > designate what ports on a switch can see what other ports on the same
> > > switch. I have to correct you though, Rodney, as sniffing is currently
> > > possible through switches.
> > >
> > > Jay
> > >
> > > --- "Rodney W. Grimes" wrote:
> > > > > Hello,
> > > > >
> > > > > We are an ISP and we want to let our customers put their own hardware
> > > > > into our network. But the thing we are concerned about is security of
> > > > > course. How can we protect our system from customers' machines?
> > > >
> > > > I would strongly suggest that you place your customers on an Ethernet
> > > > switch. Any of the modern 10/100 switches work well for this. Each
> > > > customer gets 1 port on the switch, if they have more than 1 machine
> > > > they install their own hub connected to the switch. This prevents
> > > > them from sniffing other customers' traffic. Then you need to set up
> > > > a router between this switch and your DMZ with a firewall rule set
> > > > that stops all the nasty stuff like RFC1918 nets, smurf amplifier (block
> > > > the broadcast addresses to all known subnets), etc.
> > > >
> > > > > I have heard about something called "virtual network" but I am not sure
> > > > > of what it means and even if it is the thing I am searching for?
> > > >
> > > > You don't need VLAN's for this, it's overkill.
> > > >
> > > > --
> > > > Rod Grimes - KD7CAX - (RWG25)
> > > > rgrimes@gndrsh.dnsmgr.net
> > > >
> > > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > > with "unsubscribe freebsd-security" in the body of the message
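
The firewall rule set suggested in the quoted advice above (drop RFC1918 nets and the broadcast addresses of all known subnets), as an added example that is not part of the original thread. It assumes the router is a FreeBSD box using ipfw; the interface name, rule numbers and subnets are constructed sample values, and the script only prints the rules.

```shell
#!/bin/sh
# Added example (not from the thread): print ipfw rules for the router that
# sits between the customer switch and the DMZ. Nothing is applied.
# Assumptions: ipfw on the router; fxp0, rule numbers and subnets are constructed.

# RFC 1918 private ranges, which should never cross a publicly addressed segment.
RFC1918="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16"

# broadcast_of A.B.C.D/LEN -> directed-broadcast address of that subnet
broadcast_of() {
    addr=${1%/*}; len=${1#*/}
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    ip=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    host=$(( (1 << (32 - $len)) - 1 ))      # mask of the host bits
    bc=$(( ip | host ))
    echo "$(( (bc >> 24) & 255 )).$(( (bc >> 16) & 255 )).$(( (bc >> 8) & 255 )).$(( bc & 255 ))"
}

# gen_rules IFACE SUBNET... -> one ipfw command per line on stdout
gen_rules() {
    iface=$1; shift
    n=1000
    for net in $RFC1918; do
        echo "ipfw add $n deny ip from $net to any via $iface"
        echo "ipfw add $((n + 10)) deny ip from any to $net via $iface"
        n=$((n + 20))
    done
    for cidr in "$@"; do
        # /31 and /32 have no broadcast address, so there is nothing to block
        case ${cidr#*/} in 31|32) continue ;; esac
        echo "ipfw add $n deny ip from any to $(broadcast_of "$cidr")"
        n=$((n + 10))
    done
}

# Constructed sample: two customer subnets behind interface fxp0
gen_rules fxp0 192.0.2.0/26 198.51.100.0/24
```

Review the printed rules and place them ahead of any allow rules before loading them on the router.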