From owner-freebsd-questions Tue Dec 19 14:23:57 2000 From owner-freebsd-questions@FreeBSD.ORG Tue Dec 19 14:23:54 2000 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from kira.epconline.net (kira.epconline.net [209.83.132.2]) by hub.freebsd.org (Postfix) with ESMTP id 49E6137B400; Tue, 19 Dec 2000 14:23:53 -0800 (PST) Received: from therock (betterguard.epconline.net [209.83.132.193]) by kira.epconline.net (8.11.1/8.11.1) with SMTP id eBJMNpe04063; Tue, 19 Dec 2000 16:23:52 -0600 (CST) (envelope-from carock@epconline.net) From: "Chuck Rock" To: , Subject: RE: What anti-sniffer measures do i have? Date: Tue, 19 Dec 2000 16:26:13 -0600 Message-ID: <009001c06a0a$b2163170$1805010a@epconline.net> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 In-Reply-To: <200012192213.PAA04005@harmony.village.org> Importance: Normal Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG I believe most switches are Layer 2 which is MAC based. You would have to know the MAC address of the computer you want to intercept traffic for, and then your switch would have to give you the packets instead of erroring out and or dropping the packets because you can't have two of the same MAC addresses on the network. Has anyone actually gotten another's information spoofing MAC addresses? I don't see how this could work. Chuck > -----Original Message----- > From: imp@harmony.village.org [mailto:imp@harmony.village.org]On Behalf > Of Warner Losh > Sent: Tuesday, December 19, 2000 4:14 PM > To: Jason DiCioccio > Cc: Artem Koutchine; security@FreeBSD.ORG; questions@FreeBSD.ORG > Subject: Re: What anti-sniffer measures do i have? > > > In message > <657B20E93E93D4118F9700D0B73CE3EA02433D@goofy.epylon.lan> Jason > DiCioccio writes: > : Although sniffing is still possible over a switched network with some > : arp tricks.. > > It depends on the switch... But there may be some man in the middle > attacks that are still possible with switches, but I haven't thought > about it too much. > > Warner > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message