From: dmp@aracnet.com
Date: Tue, 07 Sep 1999 23:33:52 -0700
To: Garrett Wollman
Cc: ks@itp.ac.ru, freebsd-security@FreeBSD.ORG
Subject: Re: Layer 2 ethernet encryption?
Message-ID: <37D60350.6E85A7A1@aracnet.com>
References: <37D4BCC2.34AFAE9D@aracnet.com> <199909071339.JAA11485@khavrinen.lcs.mit.edu>

Garrett Wollman wrote:

>> I have two problems. The first is that EM emissions on UTP allow
>> one to monitor all traffic on that cable.
>
> Use fiber NICs.

Short of winning a significant lottery, it would be economically impossible to move the network to fibre; there are too many nodes to upgrade.

>> The second is that a
>> sniffer run on an authorized machine will be able to see the source
>> and destination IP and port of all IP traffic on its segment.
>
> Use a good switch and hard-wire the bridge table.

The network currently can't be segmented any more than it is without breaking its applications.