From: "Jan B. Koum "
To: Peter Jeremy , robert+freebsd@cyrus.watson.org
Cc: security@FreeBSD.ORG
Date: Wed, 3 Feb 1999 19:35:23 -0800
Subject: Re: tcpdump
In-Reply-To: <99Feb4.124301est.40344@border.alcanet.com.au>

On Thu, Feb 04, 1999 at 12:52:54PM +1100, Peter Jeremy wrote:
> Robert Watson wrote:
> >Keep in mind also that ethernet-layer switching doesn't protect against
> >IP-layer spoofing and sniffing.
>
> In my experience, switches tend to leak packets anyway: On a switched
> segment, I regularly see unicast packets intended for other ports - in
> one test, I found around 2% of the packets were leakage. This is
> likely to be highly variable depending on the particular switch,
> switch firmware and network load. [I originally found this by accident,
> but since then, I have checked a couple of different switches and
> firmware versions with similar results each time.]
>
> Basically, don't rely on a MAC-level switch to provide security. They
> are generally designed to enhance performance (by getting unnecessary
> traffic off the wire), rather than security.
>
> Peter

This is normal, I think. This is because switches need to learn about MAC
addresses, and they don't keep the MAC-to-Switch_Port table forever in
memory. Every time they don't know where to send a frame, they will send
it to every port and see from which port an answer comes back. Then they
update the table entry.

-- Yan
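A small model of the learning-switch behaviour Yan describes, added here as an illustration and not code from the thread: a frame whose destination MAC has never been learned, or whose table entry has aged out, is flooded to every other port, which is why a host sniffing on an unrelated port sees unicast traffic not addressed to it. Port numbers, MAC addresses and the ageing time are made-up values.

```python
# Model of a learning switch's MAC-to-port table with entry ageing.
# Constructed example; the port numbers, MACs and ageing time are assumed.
from dataclasses import dataclass, field

AGEING_SECS = 300  # assumed lifetime of a learned entry


@dataclass
class LearningSwitch:
    ports: list
    ageing: float = AGEING_SECS
    table: dict = field(default_factory=dict)  # mac -> (port, last_seen)

    def forward(self, src, dst, in_port, now):
        """Process one frame; return the list of ports it is sent out of."""
        # Learn (or refresh) the source MAC on the ingress port.
        self.table[src] = (in_port, now)
        # Drop entries that have not been seen within the ageing window.
        self.table = {m: (p, t) for m, (p, t) in self.table.items()
                      if now - t <= self.ageing}
        entry = self.table.get(dst)
        if entry is None:
            # Unknown unicast: flood to every port except the ingress port.
            return [p for p in self.ports if p != in_port]
        if entry[0] == in_port:
            # Destination is on the same port it arrived on: filter it.
            return []
        return [entry[0]]


def leakage_demo():
    """Egress ports for three frames from port 1 to bb:bb, and how many
    of them a sniffer on port 3 (not a party to the conversation) sees."""
    sw = LearningSwitch(ports=[1, 2, 3])
    first = sw.forward("aa:aa", "bb:bb", 1, now=0)        # bb unknown: flood
    sw.forward("bb:bb", "aa:aa", 2, now=1)                # reply teaches bb@2
    second = sw.forward("aa:aa", "bb:bb", 1, now=2)       # known: port 2 only
    third = sw.forward("aa:aa", "bb:bb", 1, now=2 + 301)  # bb aged out: flood
    leaked_to_port3 = sum(3 in egress for egress in (first, second, third))
    return first, second, third, leaked_to_port3
```

Real switches age entries on a timer and flood on a table miss; the fraction leaked depends on traffic patterns and the ageing time, which is consistent with the variability Peter reports.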