From owner-freebsd-questions@FreeBSD.ORG Thu Jan 18 10:07:18 2007
Date: Thu, 18 Jan 2007 13:07:14 +0300
From: "Andrew Pantyukhin"
Sender: infofarmer@gmail.com
To: "Ted Mittelstaedt"
Cc: "Dan Mahoney, System Admin", questions@freebsd.org
Subject: Re: Transport Mode IPSEC
In-Reply-To: <00c601c73ae4$85eec240$3c01a8c0@coolf89ea26645>
References: <20070118022306.Q26349@prime.gushi.org> <005701c73ad3$1e433560$3c01a8c0@coolf89ea26645> <00c601c73ae4$85eec240$3c01a8c0@coolf89ea26645>
List-Id: User questions
On 1/18/07, Ted Mittelstaedt wrote:
>
> ----- Original Message -----
> From: "Andrew Pantyukhin"
> To: "Ted Mittelstaedt"
> Cc: "Dan Mahoney, System Admin"
> Sent: Thursday, January 18, 2007 12:25 AM
> Subject: Re: Transport Mode IPSEC
>
>
> > On 1/18/07, Ted Mittelstaedt wrote:
> > > Dan,
> > >
> > > You do realize, don't you, that since both of these hosts are on a switch,
> > > and are using unicast traffic to communicate with each other, that they
> > > cannot be sniffed, don't you?
> > >
> > > You might read up on ethernet switching technology a bit before
> > > answering that.
> >
> > I'm sorry to be the one to make this remark but it's
> > you who needs to read a bit to learn (a) how to sniff
> > traffic off most Ethernet switches from D-Link to
> > Cisco; (b) what other security risks unprotected NFSv3
> > shares pose.
>
> Yeah, sure I've heard that one before.
>
> Why don't you go ahead and elaborate one of your favorite
> theoretical attacks out of one of those books that "proves"
> that an attacker can "sniff most switches" so I can have the
> fun of knocking it down by real-world hardware implementations
> that you can actually buy and use right now.
>
> Don't be a fool. Ethernet switch manufacturers aren't stupid and
> have read the same stuff you're citing. They combat them 2 ways.
> The first is used on the expensive switches and it's called filtering
> and allows switch manufacturer salespeople to have something to
> dog and pony. The second is used on the cheapo switches and
> it's called using a wussy CPU on the switch so that the second
> you try attacking the switch with one of your fancy attacks to
> sniff it, the switch just rolls over and dies, passing so few packets
> that every connection through it loses tremendous numbers of
> packets, and hell breaks loose as all users start screaming.
>
> Been there, done that. Those work just dandy in the lab and
> in your CCIE class with 3 hosts set up for the purpose of
> demonstrating the attacks. But try it on a production network some
> day and the side-effects will kill you.

Okay, I'm sorry to have sounded a bit rough before I even parsed your name :-)

You don't need to throw bits of your knowledge at unsuspecting bystanders, too. ;)

Most attacks I can imagine, I've read/heard about or seen in the worst of my nightmares - I wouldn't be able to reproduce or describe in detail. My friend has a motto, which I happen to agree with: there's a good enough attacker for any kind of security measure; our job is to make his job as tough as possible.