Date: Wed, 3 Feb 1999 19:35:23 -0800
From: "Jan B. Koum " <jkb@best.com>
To: Peter Jeremy <peter.jeremy@auss2.alcatel.com.au>, robert+freebsd@cyrus.watson.org
Cc: security@FreeBSD.ORG
Subject: Re: tcpdump
Message-ID: <19990203193523.A13011@best.com>
In-Reply-To: <99Feb4.124301est.40344@border.alcanet.com.au>; from Peter Jeremy on Thu, Feb 04, 1999 at 12:52:54PM +1100
References: <99Feb4.124301est.40344@border.alcanet.com.au>

On Thu, Feb 04, 1999 at 12:52:54PM +1100, Peter Jeremy <peter.jeremy@auss2.alcatel.com.au> wrote:
> Robert Watson <robert@cyrus.watson.org> wrote:
> >Keep in mind also that ethernet-layer switching doesn't protect against
> >IP-layer spoofing and sniffing.
>
> In my experience, switches tend to leak packets anyway: On a switched
> segment, I regularly see unicast packets intended for other ports - in
> one test, I found around 2% of the packets were leakage. This is
> likely to be highly variable depending on the particular switch,
> switch firmware and network load. [I originally found this by accident,
> but since then, I have checked a couple of different switches and
> firmware versions with similar results each time.]
>
> Basically, don't rely on a MAC-level switch to provide security. They
> are generally designed to enhance performance (by getting unnecessary
> traffic off the wire), rather than security.
>
> Peter
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

This is normal, I think. This is because switches need to learn about MAC
addresses, and they don't keep the MAC-to-Switch_Port table in memory forever.
Every time they don't know where to send a frame, they will send it to
every port and see from which port an answer comes back, then update the
table entry.

--
Yan
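
The behaviour described in this message, sketched as a small Python model (an added example, not part of the original e-mail): a learning switch whose table entries age out floods frames for unknown destinations, so a host on a third port receives unicast traffic meant for someone else. The port numbers, MAC labels, the 300-second ageing time and the frame trace are all constructed for illustration.

```python
class LearningSwitch:
    """Minimal MAC-learning switch with table ageing (illustrative model)."""

    def __init__(self, ports, max_age=300.0):   # max_age is an assumed value
        self.ports = list(ports)
        self.max_age = max_age
        self.table = {}   # MAC -> (port, time the MAC was last seen as a source)

    def forward(self, now, in_port, src, dst):
        """Learn the source, then return the ports the frame is sent out of."""
        self.table[src] = (in_port, now)
        entry = self.table.get(dst)
        if entry is not None and now - entry[1] > self.max_age:
            del self.table[dst]          # destination entry has aged out
            entry = None
        if entry is None:
            # Unknown unicast: flood to every port except the ingress port.
            return [p for p in self.ports if p != in_port]
        return [] if entry[0] == in_port else [entry[0]]


def leaked_to(port, owner_mac, frames, switch):
    """Count frames delivered to `port` that are not addressed to its host."""
    leaked = 0
    for now, in_port, src, dst in frames:
        if port in switch.forward(now, in_port, src, dst) and dst != owner_mac:
            leaked += 1
    return leaked, len(frames)


# Constructed trace: (time_s, ingress_port, src_mac, dst_mac).
# Host A is on port 1, host B on port 2, observer C on port 3.
FRAMES = [
    (0,   1, "A", "B"),   # B not learned yet      -> flooded
    (1,   2, "B", "A"),   # A known                -> port 1 only
    (2,   1, "A", "B"),   # B known                -> port 2 only
    (200, 1, "A", "B"),   # B entry is 199 s old   -> port 2 only
    (400, 1, "A", "B"),   # B silent since t=1     -> aged out, flooded
    (401, 1, "A", "B"),   # B still unknown        -> flooded
    (402, 2, "B", "A"),   # B relearned, A known   -> port 1 only
    (403, 1, "A", "B"),   # B known again          -> port 2 only
]

if __name__ == "__main__":
    leaked, total = leaked_to(3, "C", FRAMES, LearningSwitch([1, 2, 3]))
    print(f"observer on port 3 saw {leaked} of {total} frames not addressed to it")
```

The model only covers flooding caused by an unlearned or aged-out destination; it makes no claim about the other causes of leakage mentioned in the quoted message (firmware, load).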