From owner-freebsd-stable Mon Sep 6 17:13: 1 1999 Delivered-To: freebsd-stable@freebsd.org Received: from alcanet.com.au (border.alcanet.com.au [203.62.196.10]) by hub.freebsd.org (Postfix) with ESMTP id 6298D153FF for ; Mon, 6 Sep 1999 17:12:57 -0700 (PDT) (envelope-from jeremyp@gsmx07.alcatel.com.au) Received: by border.alcanet.com.au id <40337>; Tue, 7 Sep 1999 10:10:43 +1000 Date: Tue, 7 Sep 1999 10:12:39 +1000 From: Peter Jeremy Subject: Re: softupdates in latest build? In-reply-to: To: tom@uniserve.com Cc: freebsd-stable@FreeBSD.ORG Message-Id: <99Sep7.101043est.40337@border.alcanet.com.au> Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Tom wrote: >On Mon, 6 Sep 1999, Brad Knowles wrote: >> I have reason to believe that it is possible to sniff through >> switches, at least certain types of switches. > > No. That's a bit simplistic. Most switches are designed to reduce network traffic, not provide security. They have a finite capacity for learnt MAC addresses and if you exceed that limit, traffic will leak onto multiple segments. Likewise, traffic may leak whilst a switch is learning a new MAC address or under high traffic loads. Therefore, snooping on a switched segment may provide a small sample of the 'backbone' traffic. Whether this is a problem depends on the site. Of course, given a poorly configured 'managed' switch, somethe subverted host could change the switch configuration to provide a drop copy of the backbone traffic... Peter To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message