Date: Thu, 21 Dec 2000 22:45:54 +0100
From: Gerhard Sittig <Gerhard.Sittig@gmx.net>
To: security@FreeBSD.ORG
Subject: Re: What anti-sniffer measures do i have?
Message-ID: <20001221224554.X253@speedy.gsinet>
References: <000a01c06ab8$4676a040$1805010a@epconline.net> <001901c06b44$d88f6c00$0c00a8c0@ipform.ru>
In-Reply-To: <001901c06b44$d88f6c00$0c00a8c0@ipform.ru>; from matrix@ipform.ru on Thu, Dec 21, 2000 at 02:54:52PM +0300
Organization: System Defenestrators Inc.

On Thu, Dec 21, 2000 at 14:54 +0300, Artem Koutchine wrote:
>
> So, most of you are saying that a switch would be a solution.
> Anyone can recommend a particular switch which he/she is using
> without problems?

Have you actually followed the thread? :)

Switches are meant to increase performance at first (by reducing
collisions). The fact that not all traffic is delivered to all ports
is just a side effect and not really a design goal.

Switches *cannot* prevent bad guys from sniffing, as has been stated
before; it's just that it gets a little more difficult than before,
but not really much. You still get non-unicast packets delivered
broadly. "Initial" packets the switch hasn't learned the destination
MAC for yet are handled like a hub would do. Flooding the switch's
"brain" will have a similar effect and degrade it to a repeater. And
there are the ARP games mentioned in several other messages one could
play -- the switch would happily deliver packets to where the MAC
address points to.

> Also, what about tunnelling??

I thought this would have been the conclusion: encryption being the
only solution, either via software or hardware (well, it doesn't
prevent sniffing, but makes the sniffed data useless :). Shrinking
collision domains is not the most appropriate measure against
sniffing, but more of a network performance increase.

> [ ... fullquote snipped ... ]


virtually yours   82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76
Gerhard Sittig   true | mail -s "get gpg key" Gerhard.Sittig@gmx.net
--
     If you don't understand or are scared by any of the above
             ask your parents or an adult to help you.
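The three switch behaviours the message describes (unknown destinations flooded like a hub, learned unicast going to one port, the MAC table overflowing back into repeater mode) and the ARP game it alludes to can be watched in a few lines of simulation. The model below is an added example, not code from the original message or from FreeBSD; the MAC and IP addresses, port numbers and the tiny four-entry CAM table are constructed for the demonstration, and the host's ARP cache deliberately trusts any reply it sees, as a naive stack would.

```python
"""Toy model of a learning Ethernet switch plus a naive host ARP cache.

Added example, not code from the original message or from FreeBSD. All
addresses, port numbers and the CAM table size are made up for the simulation.
"""
from collections import OrderedDict

BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    """Forwards by a bounded, source-learned MAC table (the 'CAM', or 'brain')."""

    def __init__(self, ports, cam_size=4):
        self.ports = set(ports)
        self.cam_size = cam_size            # assumption: real tables are larger, but still finite
        self.cam = OrderedDict()            # MAC -> port, oldest entry first

    def _learn(self, mac, port):
        if mac in self.cam:
            del self.cam[mac]               # re-insert so it becomes the newest entry
        elif len(self.cam) >= self.cam_size:
            self.cam.popitem(last=False)    # table full: evict the oldest entry
        self.cam[mac] = port

    def forward(self, in_port, src, dst):
        """Return the set of ports a frame src->dst arriving on in_port is sent out of."""
        self._learn(src, in_port)
        if dst != BROADCAST and dst in self.cam:
            out = self.cam[dst]
            return set() if out == in_port else {out}   # known unicast: one port only
        return self.ports - {in_port}       # broadcast, multicast or unknown: flood like a hub


class Host:
    """Minimal host: a MAC, a switch port, and an ARP cache that trusts any reply."""

    def __init__(self, mac, port):
        self.mac, self.port, self.arp = mac, port, {}

    def on_arp_reply(self, ip, mac):
        self.arp[ip] = mac                  # no validation, as in a naive stack


ALICE, BOB, EVE = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0e"


def cam_flooding_demo():
    """Initial flood, learned unicast, and flooding again after the CAM table overflows."""
    sw = LearningSwitch(ports=[1, 2, 3])                # alice:1, bob:2, eve (sniffer):3
    out = {}
    out["initial"] = sw.forward(1, ALICE, BOB)          # bob unknown -> flooded, eve sees it
    sw.forward(2, BOB, ALICE)                           # bob replies; switch learns port 2
    out["learned"] = sw.forward(1, ALICE, BOB)          # now unicast to port 2 only
    for i in range(10):                                 # eve sprays frames with bogus source MACs
        sw.forward(3, f"02:de:ad:00:00:{i:02x}", BROADCAST)
    out["after_flood"] = sw.forward(1, ALICE, BOB)      # bob's entry evicted -> flooded again
    return out


def arp_spoof_demo():
    """ARP games: the switch delivers, at full unicast, wherever the poisoned MAC points."""
    sw = LearningSwitch(ports=[1, 2, 3], cam_size=16)
    alice, gw, eve = Host(ALICE, 1), Host("02:00:00:00:00:01", 2), Host(EVE, 3)
    gw_ip = "10.0.0.1"                                  # constructed gateway address
    sw.forward(1, alice.mac, BROADCAST)                 # alice: who-has 10.0.0.1?
    sw.forward(2, gw.mac, alice.mac)                    # gateway: 10.0.0.1 is-at gw
    alice.on_arp_reply(gw_ip, gw.mac)
    honest = sw.forward(1, alice.mac, alice.arp[gw_ip])
    sw.forward(3, eve.mac, alice.mac)                   # eve: 10.0.0.1 is-at eve (unsolicited)
    alice.on_arp_reply(gw_ip, eve.mac)
    poisoned = sw.forward(1, alice.mac, alice.arp[gw_ip])
    return {"honest": honest, "poisoned": poisoned, "poisoned_dst": alice.arp[gw_ip]}


if __name__ == "__main__":
    print(cam_flooding_demo())
    print(arp_spoof_demo())
```

In the first demo the sniffer on port 3 receives alice's frame before the switch has learned bob, loses it once bob's port is learned, and gets it back as soon as its bogus source addresses have pushed bob out of the table. In the second, nothing the switch does is wrong: alice's own ARP cache now names eve as the gateway, so the switch forwards her traffic to port 3 alone, which is exactly why the message concludes that only encryption makes the sniffed data useless.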