Date: Tue, 19 Dec 2000 14:37:48 -0800 From: Jonas Luster <JonasL@webex.com> To: security@FreeBSD.ORG, questions@FreeBSD.ORG Subject: RE: What anti-sniffer measures do i have? Message-ID: <15418A8C5748D411B03A0050DA649E55DB6E75@mailserv2.webex.com>
next in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > I believe most switches are Layer 2 which is MAC based. You would have to > know the MAC address of the computer you want to intercept traffic for, and > then your switch would have to give you the packets instead of erroring out > and or dropping the packets because you can't have two of the same MAC > addresses on the network. Well, there's MAC/ARP-proxying which allows pretty sophisticated maninthemiddles and quite a few of the more common switches fall back into Hub-Mode when you flood them with bogus ARP-entries. dsniff (ports/security) facilitates those attacks. Switches aren't much more secure than hubs, it's more a design- and speed-issue than a security-thingie to have 'em in your network. jonas -----BEGIN PGP SIGNATURE----- Version: PGP Personal Privacy 6.0.2 iQA/AwUBOj/jZKM1+GU4JoikEQJuKQCgotacqdAo08/IIw+jnVfbTdgiRQEAn0vI te4VUx1muy/U6kTluCTvX8oB =vxQF -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?15418A8C5748D411B03A0050DA649E55DB6E75>