From: Mitch Collinsworth
To: nathan
Cc: "freebsd-questions@FreeBSD.ORG"
Subject: Re: berkeley packet filter doesn't work??
In-Reply-To: Message from nathan of "Mon, 31 Jan 2000 15:47:04 CST." <389602D8.AFD9506F@ksu.edu>
Date: Mon, 31 Jan 2000 16:57:40 -0500
Message-Id: <200001312157.QAA80811@benge.graphics.cornell.edu>

>so would this then imply that our internal traffic is safe from external
>hacking?
>
>example--> a user logs into our mail server here. authenticates in clear
>text and gets mail.
>
>so that communication could NOT be intercepted then in ANY way from outside
>the switch??

Well he said that was the point of switches, but in fact they are not all perfect. Sometimes they have been observed sending packets down a wire other than the one where the destination MAC is at. Most likely the uplink leg from your switch goes to a L3 router, which will not be passing internal traffic out or external traffic in.

But I wouldn't use this as an argument that clear-text passwords are therefore safe. What happens if one of your users goes home and connects to your POP server to get his mail from there? If he's, say, on a cable modem, it's probably a broadcast LAN and his neighbor can snoop his clear-text password as it goes by... Or say a cracker breaks into your POP server. He could collect all the clear-text passwords as they come in.

There are lots of reasons not to use clear-text passwords. Your L2 switch only solves one of them.

-Mitch