Date: Fri, 5 Jan 2001 15:46:01 -0800
From: Robert Clark <res03db2@gte.net>
To: Artem Koutchine <matrix@ipform.ru>
Cc: security@FreeBSD.ORG, questions@FreeBSD.ORG
Subject: Re: Antisniffer measures (digest of posts)
Message-ID: <20010105154601.A17529@darkstar.gte.net>
In-Reply-To: <000701c07750$eb585e60$0c00a8c0@ipform.ru>; from matrix@ipform.ru on Fri, Jan 05, 2001 at 10:51:36PM +0300
References: <000701c07750$eb585e60$0c00a8c0@ipform.ru>

I would look into the Intel Pro/100 S. (hardware assist 3DES 10/100
ethernet cards.) The Intel site has info, but here is a site with a
price listed: http://www.gotocol.com/inpro1brpcis.html

This isn't necessarily a better solution than ipsec via software,
but it would not cause as much of a performance hit.

I wonder if token ring suffers from this problem? 100VG?

[RC]

On Fri, Jan 05, 2001 at 10:51:36PM +0300, Artem Koutchine wrote:
> Hello!
>
> I have reread all the followups on the questions I posted in
> mid-December.
>
> first:
>
> 50% of the people said "SWITCH TO SWITCHES", 50% of the
> people said: "EVEN SWITCHES CANNOT HELP"
>
> Then mostly everyone started talking about SNMP controllable
> switches with hardcoded MAC addresses for each port.
>
> Then people started to talk about static ARP entries on the host.
>
> ONE (ONLY ONE) person mentioned encryption, but did not elaborate
> on that.
>
> Well, let me remind the situation. I have a very heterogenic network:
> FreeBSD, Linux, Win9x, WinME, WinNT, Win2000. Now they are all
> connected with hubs, which allows a sniffer to run and obtain all the mail
> and web passwords easily. I need to stop it.
>
> Buying a 500$ SNMP controllable switch is CRAZY. I will not do it. It is
> way too expensive. It will cost us about 4000$.
>
> So, as I see, we have two possible solutions and one probable solution:
>
> POSSIBLE N1:
> Switches (NON SNMP controllable, which do not turn into a hub when flooded
> with MAC addresses), hardcoded ARP entries on hosts
> for router, DNS, MAIL, POP, corporate web (thanks hot it is the same host).
>
> QUESTIONS:
> Is it possible to hard code ARP entries in WINxxxxx?
> Is there such a switch which does not fall back into hub mode when flooded
> with MACs?
>
> POSSIBLE N2:
> Install a little FBSD/LINUX based router instead of each hub. Put a bunch
> of NICs in each. Put each host on a separate NIC. Price: 100$ for the
> Pentium166 based host + 8 NICs x 20$ = 100+160 = 260$ (twice as cheap as
> an SNMP switch and twice as expensive as a simple switch)
>
> QUESTIONS:
> I wonder where do I get 8 IRQs for the NICs in the routing box.
> Will the box with 4 PCI and 4 ISA NICs be able to hold on electricwise?
>
> PROBABLE:
> Some kind of transparent IP encryption.
>
> QUESTIONS:
> What kind of IP encryption?
> Is it available for FBSD, Linux, WINxxxxx?
>
>
> I hope someone would help.
>
> Best regards,
> Artem Koutchine
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message