From owner-freebsd-security  Fri Aug 20 13:37:46 1999
Delivered-To: freebsd-security@freebsd.org
Received: from lazlo.internal.steam.com (lazlo.steam.com [199.108.84.37])
	by hub.freebsd.org (Postfix) with ESMTP id 0E3DB14BF3
	for <freebsd-security@FreeBSD.ORG>; Fri, 20 Aug 1999 13:37:39 -0700 (PDT)
	(envelope-from cliff@steam.com)
Received: from lazlo.internal.steam.com (cliff@lazlo.internal.steam.com [192.168.32.2])
	by lazlo.internal.steam.com (8.9.3/8.9.3) with ESMTP id NAA08614;
	Fri, 20 Aug 1999 13:34:05 -0700 (PDT)
Date: Fri, 20 Aug 1999 13:34:05 -0700 (PDT)
From: Cliff Skolnick <cliff@steam.com>
X-Sender: cliff@lazlo.internal.steam.com
To: Bigby Findrake <bigby@shiva.eu.org>
Cc: jay d <service_account@yahoo.com>,
	"Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net>,
	Evren Yurtesen <yurtesen@ispro.net.tr>, freebsd-security@FreeBSD.ORG
Subject: Re: multiple machines in the same network
In-Reply-To: <Pine.BSF.4.05.9908201246050.16714-100000@shiva.eu.org>
Message-ID: <Pine.BSF.4.10.9908201329220.68821-100000@lazlo.internal.steam.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


Hacked arp code on one machine could return a broadcast or multicast
ethernet address to an arp query for any machine.  The switch would then
treat all traffic as broadcast sending it to every port.  Since the machines
TCP/IP layer would receive the packet it woudl still be on the network, of
course it would be receiving and dropping a bit more.  Performance may be
effected.  :)

You really want the machines on a seperate segment and to be routed instead
of switched.

Cliff

On Fri, 20 Aug 1999, Bigby Findrake wrote:

> On Fri, 20 Aug 1999, jay d wrote:
> 
> > What you really want is a VLAN capable switch. VLAN switches simply
> > designate what ports on a switch can see what other ports on the same
> > switch. I have to correct you though, Rodney, as sniffing is currently
> > possible through switches.
> 
> Please, do tell us how it's possible to sniff through switches.
> 
> 
> /-------------------------------------------------------------------------/
> It's easier to obtain forgiveness than permission.
> 
> 		finger bigby@shiva.eu.org for my pgpkey
> 	       e-mail bigby@pager.shiva.eu.org to page me
> /-------------------------------------------------------------------------/
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 

--
   | Cliff Skolnick          | "They that can give up essential liberty to |
   | Steam Tunnel Operations |  obtain a little temporary safety deserve   |
   | cliff@steam.com         |  neither liberty nor safety."               |
   | http://www.steam.com/   |                  -- Benjamin Franklin, 1759 |



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message