From owner-freebsd-questions Wed Dec 20 4:28: 1 2000 From owner-freebsd-questions@FreeBSD.ORG Wed Dec 20 04:27:56 2000 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from osiris.ipform.ru (osiris.ipform.ru [212.158.165.98]) by hub.freebsd.org (Postfix) with ESMTP id F2D2837B402; Wed, 20 Dec 2000 04:27:52 -0800 (PST) Received: from wp2 (wp2 [192.168.0.12]) by osiris.ipform.ru (8.11.1/8.11.1) with SMTP id eBKCRgV36045; Wed, 20 Dec 2000 15:27:46 +0300 (MSK) (envelope-from matrix@ipform.ru) Message-ID: <006501c06a80$42ec1460$0c00a8c0@ipform.ru> From: "Artem Koutchine" To: "Jonas Luster" , , References: <15418A8C5748D411B03A0050DA649E55DB6E75@mailserv2.webex.com> Subject: Re: What anti-sniffer measures do i have? Date: Wed, 20 Dec 2000 15:27:41 +0300 Organization: IP Form MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2919.6600 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Hello again! Well, i am depressed now :( The issue is even worse than i thought at first. So, SHOUD I upgrade to switches? Will they REALLY help? Or should i build a simple FreeBSD router for each branch of the tree with a buch of ethernet cards. For example. In a room with 8 computers i will install a Pentium MMX with 8 PCI slots and 8 network cards and route pure IP, no MAC addresing (i don't need ipx rounter or anything, just ip). Is there relatively cheap switches wich do the same? Is it even a solution? ----- Original Message ----- From: "Jonas Luster" To: ; Sent: Wednesday, December 20, 2000 1:37 AM Subject: RE: What anti-sniffer measures do i have? > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > I believe most switches are Layer 2 which is MAC based. You would > have to > > know the MAC address of the computer you want to intercept traffic > for, and > > then your switch would have to give you the packets instead of > erroring out > > and or dropping the packets because you can't have two of the same > MAC > > addresses on the network. > > Well, there's MAC/ARP-proxying which allows pretty sophisticated > maninthemiddles and quite a few of the more common switches fall > back into Hub-Mode when you flood them with bogus ARP-entries. > dsniff (ports/security) facilitates those attacks. > > Switches aren't much more secure than hubs, it's more a design- and > speed-issue than a security-thingie to have 'em in your network. > > jonas > > -----BEGIN PGP SIGNATURE----- > Version: PGP Personal Privacy 6.0.2 > > iQA/AwUBOj/jZKM1+GU4JoikEQJuKQCgotacqdAo08/IIw+jnVfbTdgiRQEAn0vI > te4VUx1muy/U6kTluCTvX8oB > =vxQF > -----END PGP SIGNATURE----- > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message