From: mike@sentex.net (Mike Tancsa)
To: jmaslak@updatesystems.com (Joel Maslak)
Cc: freebsd-security@freebsd.org
Subject: Re: Switches & Security
Date: Sat, 21 Aug 1999 05:22:50 GMT
Message-ID: <37be3727.351980871@mail.sentex.net>

On 20 Aug 1999 16:07:48 -0400, in sentex.lists.freebsd.misc you wrote:

>
>To compromise a network consisting of a switched backbone...
>Internet ---- R ----+
>                    |
>             A -- SWITCH -- B
>
>Let's say B got compromised.
>
>What B has to do is send ARP broadcasts out, claiming that it is actually
>R. Now, it knows R's REAL ethernet address.
>--- That was method 1. ---

On the Catalysts, you can nail down the ARP address statically and have it
ignore any other MAC addresses that would leak out.

>
>There are MANY ways to invalidate the ARP cache of a switch. Some
>crash the switch.

Even if it's hard coded in the switch not to allow any other MAC addresses
out?

        ---Mike
Mike Tancsa (mdtancsa@sentex.net)
Sentex Communications Corp,
Waterloo, Ontario, Canada
"Who is this 'BSD', and why should we free him?"
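
Added example, not part of the original message or of any Catalyst configuration: the static-binding idea discussed above, applied as a check on a monitoring host that sees raw Ethernet frames. It flags an ARP frame whose sender claims a pinned IP (router R) from a different MAC, or whose ARP sender MAC disagrees with the frame's source MAC. The addresses, the `PINNED` table and all function names are assumptions, and the sample frames are constructed.

```python
import struct

# Constructed static bindings (assumption): IP -> the only MAC allowed to claim it.
# Addresses come from documentation ranges; R is the router in the diagram.
PINNED = {"192.0.2.1": "00:00:5e:00:53:01"}

def fmt_mac(b):
    return ":".join(f"{x:02x}" for x in b)

def fmt_ip(b):
    return ".".join(str(x) for x in b)

def check_arp_frame(frame, pinned=PINNED):
    """Return findings for one raw Ethernet frame; [] if clean, short or not ARP."""
    if len(frame) < 42:
        return []
    _dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0806:  # not ARP
        return []
    htype, ptype, hlen, plen, _oper, sha, spa, _tha, _tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):  # Ethernet/IPv4 only
        return []
    findings = []
    claimed_ip, claimed_mac = fmt_ip(spa), fmt_mac(sha)
    expected = pinned.get(claimed_ip)
    if expected and claimed_mac != expected:
        findings.append(f"pinned {claimed_ip} claimed by {claimed_mac}, expected {expected}")
    if fmt_mac(src) != claimed_mac:
        findings.append(f"frame source {fmt_mac(src)} differs from ARP sender {claimed_mac}")
    return findings

def build_arp(eth_src, sender_mac, sender_ip, target_ip, oper=2):
    """Build a constructed broadcast ARP frame for the samples below."""
    to_mac = lambda s: bytes.fromhex(s.replace(":", ""))
    to_ip = lambda s: bytes(int(p) for p in s.split("."))
    eth = b"\xff" * 6 + to_mac(eth_src) + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
    return eth + arp + to_mac(sender_mac) + to_ip(sender_ip) + b"\x00" * 6 + to_ip(target_ip)

R_MAC, B_MAC = "00:00:5e:00:53:01", "00:00:5e:00:53:0b"
FROM_R = build_arp(R_MAC, R_MAC, "192.0.2.1", "192.0.2.10")    # genuine router
FROM_B = build_arp(B_MAC, B_MAC, "192.0.2.1", "192.0.2.10")    # B claiming to be R
MISMATCH = build_arp(B_MAC, R_MAC, "192.0.2.1", "192.0.2.10")  # payload and frame disagree

if __name__ == "__main__":
    for name, frame in (("FROM_R", FROM_R), ("FROM_B", FROM_B), ("MISMATCH", MISMATCH)):
        print(name, check_arp_frame(frame) or "ok")
```
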