Date: Wed, 20 Dec 2000 11:55:32 -0500
From: "Shadow" <shadow@gti.net>
To: <security@FreeBSD.ORG>, <questions@FreeBSD.ORG>
Subject: Re: What anti-sniffer measures do i have?
Message-ID: <011f01c06aa5$aab683d0$0501a8c0@fuckoff>
References: <000301c06a9e$49383010$1805010a@epconline.net>
Most (all?) Cisco Catalyst switches allow you to set "port security" which
will disable the port either for a fixed period of time or forever until a
supervisor re-enables it if it detects 'too many' MACs on a port or
overlapping MAC addresses on ports. It gives a decent level of security
without having to manually program MACs into all of the ports (ick!)

Only thing I haven't tested is if using spanning tree breaks this
functionality at all (I think I remember it having to sometimes look for
duplicate MACs on ports)... not that spanning tree is a good solution to
anything IMHO.

Only downside is their price tag....

-Shadow
Sr. Systems Administrator, Global Telecom Inc.
shadow@gti.net

----- Original Message -----
From: "Chuck Rock" <carock@epconline.net>
To: <security@FreeBSD.ORG>; <questions@FreeBSD.ORG>
Sent: Wednesday, December 20, 2000 11:02 AM
Subject: RE: What anti-sniffer measures do i have?

> I use Intel 460T standalone switches, and they have the ability to keep the
> database from learning new MAC addresses, and you can manually program the
> MAC addresses to each port.
>
> This is much safer than the default configuration, but it takes away a lot
> of the convenience of the switch's ability to handle changes.
>
> I'm not necessarily saying they are better than others, I don't like some of
> the features they have, and I haven't tried many other switches.
>
> I could go either way for security or convenience, but most networks don't
> change like mine does, so the call would be up to the person that has to
> maintain those switch databases, and what tools are available to automate
> that process. Any "good" SNMP software would probably suffice in allowing
> you to remotely make database changes, and monitor the switches as well.
> Another nice thing with these is they have the ability to use BOOTP so the
> configs can be centrally located.
>
> Chuck
>
> > -----Original Message-----
> > From: Artem Koutchine [mailto:matrix@ipform.ru]
> > Sent: Wednesday, December 20, 2000 6:30 AM
> > To: Vladimir Mencl, MK, susSED; David Talkington
> > Cc: Chuck Rock; security@FreeBSD.ORG; questions@FreeBSD.ORG
> > Subject: Re: What anti-sniffer measures do i have?
> >
> > N/A for Windows. Only for UNIX. So, not usable in heterogeneous
> > networks.
> >
> > ----- Original Message -----
> > From: "Vladimir Mencl, MK, susSED" <mencl@nenya.ms.mff.cuni.cz>
> > To: "David Talkington" <dtalk@prairienet.org>
> > Cc: "Chuck Rock" <carock@epconline.net>; <security@FreeBSD.ORG>;
> > <questions@FreeBSD.ORG>
> > Sent: Wednesday, December 20, 2000 3:23 PM
> > Subject: RE: What anti-sniffer measures do i have?
> >
> > > On Tue, 19 Dec 2000, David Talkington wrote:
> > >
> > > > Far as I know, hard-coding an ARP table is the only way to prevent
> > > > that sort of thing ... someone please correct me if I'm wrong?
> > >
> > > Hardcoding the ARP table both in the switch and in every computer "to be
> > > protected" in the network. Every computer would have to know both the IP
> > > and Ethernet address of at least the router, the nameserver and all
> > > computers it connects to.
> > >
> > > Will it be enough?
> > >
> > > ...putting the switch into a mode like "use only-and-only this hardcoded
> > > ARP table"....
> > >
> > > Vladimir Mencl
> > >
> > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > with "unsubscribe freebsd-questions" in the body of the message
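As an added example that is not part of this thread or of any vendor's code: a small Python model of the two controls the messages above describe, the switch-side "port security" (a per-port limit on learned MACs, plus a trip when a MAC already learned on one port shows up on another, with the port disabled until re-enabled) and the host-side pinned ARP table (observed ARP replies checked against hardcoded entries for the router and nameserver). Every port name, MAC and IP address here is constructed for illustration.

```python
"""Added example (not code from the thread): models of switch port security
and of checking ARP replies against pinned host entries. All ports, MACs and
IPs are constructed for illustration."""
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class PortSecurity:
    """Model of 'port security': each port may learn at most max_macs source
    MACs, and a MAC already learned on one port must not appear on another.
    A violating port is disabled until an administrator calls enable()
    (the 'forever until a supervisor re-enables it' mode in the message)."""
    max_macs: int = 1
    learned: dict = field(default_factory=lambda: defaultdict(set))  # port -> {mac}
    owner: dict = field(default_factory=dict)                        # mac -> port
    disabled: set = field(default_factory=set)
    violations: list = field(default_factory=list)                   # (port, reason)

    def frame(self, port: str, src_mac: str) -> bool:
        """Process one ingress frame; True if forwarded, False if dropped."""
        mac = src_mac.lower()
        if port in self.disabled:
            return False
        prev = self.owner.get(mac)
        if prev is not None and prev != port:
            # Same MAC on a second port: a moved host or, on a sniffer's port,
            # a spoofed source address. Shut the port it just appeared on.
            self._shutdown(port, f"MAC {mac} already learned on {prev}")
            return False
        if mac not in self.learned[port] and len(self.learned[port]) >= self.max_macs:
            # Too many distinct MACs on one port (a hub behind it, or a host
            # cycling source addresses to overflow the CAM table into flooding).
            self._shutdown(port, f"more than {self.max_macs} MAC(s) on {port}")
            return False
        self.learned[port].add(mac)
        self.owner[mac] = port
        return True

    def _shutdown(self, port: str, reason: str) -> None:
        self.disabled.add(port)
        self.violations.append((port, reason))

    def enable(self, port: str) -> None:
        """Supervisor re-enables a port; its learned MACs are forgotten so it
        starts learning afresh."""
        self.disabled.discard(port)
        for mac in self.learned.pop(port, set()):
            self.owner.pop(mac, None)


def check_arp_replies(pinned: dict, replies) -> list:
    """Host-side check for the 'hardcode the ARP table' approach: compare
    observed ARP replies (ip, mac) with the pinned ip -> mac entries for the
    router, nameserver, etc. Returns (ip, pinned_mac, seen_mac) conflicts,
    each an attempt to poison a pinned entry. Unpinned IPs are not judged."""
    conflicts = []
    for ip, mac in replies:
        expected = pinned.get(ip)
        if expected is not None and expected.lower() != mac.lower():
            conflicts.append((ip, expected.lower(), mac.lower()))
    return conflicts


def demo():
    """Run both models over constructed traffic and return their findings."""
    sw = PortSecurity(max_macs=1)
    frames = [  # (ingress port, source MAC), constructed
        ("Fa0/1", "00:11:22:33:44:55"),
        ("Fa0/2", "00:11:22:33:44:66"),
        ("Fa0/1", "00:11:22:33:44:55"),   # same host again: fine
        ("Fa0/1", "00:11:22:33:44:77"),   # second MAC on Fa0/1: violation
        ("Fa0/3", "00:11:22:33:44:66"),   # Fa0/2's MAC shows up on Fa0/3: violation
    ]
    forwarded = [sw.frame(p, m) for p, m in frames]

    pinned = {"192.0.2.1": "00:aa:bb:cc:dd:01", "192.0.2.53": "00:aa:bb:cc:dd:35"}
    replies = [  # observed ARP replies, constructed
        ("192.0.2.1", "00:aa:bb:cc:dd:01"),
        ("192.0.2.53", "00:DE:AD:BE:EF:00"),  # someone claims the nameserver's IP
        ("192.0.2.99", "00:aa:bb:cc:dd:99"),  # not pinned, ignored
    ]
    return forwarded, sw.violations, check_arp_replies(pinned, replies)


if __name__ == "__main__":
    fwd, viol, conf = demo()
    print("forwarded:", fwd)
    print("port-security violations:", viol)
    print("ARP conflicts:", conf)
```

The model only catches what the thread's two mechanisms can catch: port security stops a sniffer from faking extra or borrowed MACs to get traffic switched its way, and pinned ARP entries stop it from redirecting a host's traffic to the router or nameserver through forged replies; neither sees a sniffer that sits quietly on its own port and receives only flooded or broadcast traffic. On current Cisco IOS the equivalent knobs (IOS syntax, not from the thread) are `switchport port-security maximum N` and `switchport port-security violation shutdown`, with `errdisable recovery cause psecure-violation` giving the "fixed period of time" re-enable instead of the manual one modelled by `enable()`.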