From: Jonas Luster
To: security@FreeBSD.ORG, questions@FreeBSD.ORG
Subject: RE: What anti-sniffer measures do i have?
Date: Tue, 19 Dec 2000 14:37:48 -0800
Message-ID: <15418A8C5748D411B03A0050DA649E55DB6E75@mailserv2.webex.com>
Sender: owner-freebsd-security@FreeBSD.ORG

> I believe most switches are Layer 2 which is MAC based. You would have to
> know the MAC address of the computer you want to intercept traffic for, and
> then your switch would have to give you the packets instead of erroring out
> and or dropping the packets because you can't have two of the same MAC
> addresses on the network.

Well, there's MAC/ARP-proxying which allows pretty sophisticated
maninthemiddles and quite a few of the more common switches fall back
into Hub-Mode when you flood them with bogus ARP-entries. dsniff
(ports/security) facilitates those attacks.

Switches aren't much more secure than hubs, it's more a design- and
speed-issue than a security-thingie to have 'em in your network.

jonas
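Added example, not part of the message above and not code from its author: a monitoring-side check for the two conditions the reply names, an IP address that starts answering from a different MAC and a burst of never-seen MACs of the kind that pushes a switch into hub-like behaviour. The observation format, the sample data, the function name analyze and the thresholds are all assumptions made for this illustration.

```python
from collections import defaultdict

# Constructed sample of ARP observations: (seconds, sender IP, sender MAC).
SAMPLE = [
    (0.0, "10.0.0.1", "00:11:22:33:44:01"),    # gateway, first seen
    (1.0, "10.0.0.20", "00:11:22:33:44:20"),   # ordinary host
    (5.0, "10.0.0.1", "00:11:22:33:44:66"),    # gateway IP claimed by another MAC
] + [
    # 60 previously unseen MACs inside one second (constructed flood pattern)
    (10.0 + i / 100.0, "10.0.9.%d" % i, "02:00:00:00:00:%02x" % i)
    for i in range(60)
]


def analyze(observations, window=1.0, new_mac_limit=50):
    """Return (binding_changes, flood_windows).

    binding_changes: (ts, ip, old_mac, new_mac) for every IP whose MAC changed.
    flood_windows:   start times of fixed windows in which more than
                     new_mac_limit MACs appeared for the first time.
    Fixed windows are used for brevity; a burst that straddles a window
    boundary is counted in two halves.
    """
    ip_to_mac = {}
    seen_macs = set()
    new_per_window = defaultdict(int)
    changes = []
    for ts, ip, mac in sorted(observations):
        mac = mac.lower()
        old = ip_to_mac.get(ip)
        if old is not None and old != mac:
            changes.append((ts, ip, old, mac))
        ip_to_mac[ip] = mac
        if mac not in seen_macs:
            seen_macs.add(mac)
            new_per_window[int(ts // window)] += 1
    floods = sorted(w * window for w, n in new_per_window.items()
                    if n > new_mac_limit)
    return changes, floods


if __name__ == "__main__":
    changes, floods = analyze(SAMPLE)
    for ts, ip, old, new in changes:
        print("t=%.1f %s moved from %s to %s" % (ts, ip, old, new))
    for start in floods:
        print("t=%.1f more than 50 new MACs in one window" % start)
```

A binding change also occurs on DHCP reassignment or failover, so alerts for hosts without a pinned address need an allow-list; static ARP entries for the gateway and per-port MAC limits on the switch remove both conditions at the source.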