From owner-freebsd-security  Tue Sep  7  6:41:24 1999
Delivered-To: freebsd-security@freebsd.org
Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193])
	by hub.freebsd.org (Postfix) with ESMTP id 03A3614F49
	for <freebsd-security@FreeBSD.ORG>; Tue,  7 Sep 1999 06:41:21 -0700 (PDT)
	(envelope-from wollman@khavrinen.lcs.mit.edu)
Received: (from wollman@localhost)
	by khavrinen.lcs.mit.edu (8.9.1/8.9.1) id JAA11485;
	Tue, 7 Sep 1999 09:39:17 -0400 (EDT)
	(envelope-from wollman)
Date: Tue, 7 Sep 1999 09:39:17 -0400 (EDT)
From: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
Message-Id: <199909071339.JAA11485@khavrinen.lcs.mit.edu>
To: dmp@aracnet.com
Cc: ks@itp.ac.ru, freebsd-security@FreeBSD.ORG
Subject: Re: Layer 2 ethernet encryption?
In-Reply-To: <37D4BCC2.34AFAE9D@aracnet.com>
References: <XFMail.990907105629.ks@osi.ru>
	<37D4BCC2.34AFAE9D@aracnet.com>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

<<On Tue, 07 Sep 1999 00:20:34 -0700, dmp@aracnet.com said:

> I have two problems.  The first is that EM emissions on UTP allows
> one to monitor all traffic on that cable.

Use fiber NICs.

>  The second is that a
> sniffer run on an authorized machine will be able to see the source
> and destination IP and port of all IP traffic on it's segment.

Use a good switch and hard-wire the bridge table.

-GAWollman

--
Garrett A. Wollman   | O Siem / We are all family / O Siem / We're all the same
wollman@lcs.mit.edu  | O Siem / The fires of freedom 
Opinions not those of| Dance in the burning flame
MIT, LCS, CRS, or NSA|                     - Susan Aglukark and Chad Irschick


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message