From owner-freebsd-net Wed Jul 28 8:45:12 1999
Date: Wed, 28 Jul 1999 11:44:42 -0400 (EDT)
From: Garrett Wollman
Message-Id: <199907281544.LAA09659@khavrinen.lcs.mit.edu>
To: "Jordan K. Hubbard"
Cc: net@freebsd.org
Subject: Re: cvs commit: src/release/sysinstall tcpip.c
In-Reply-To: <5505.932695893@zippy.cdrom.com>
References: <99Jul23.070924est.40350@border.alcanet.com.au> <5505.932695893@zippy.cdrom.com>

< said:

> I actually share your opinion about the proper defense against
> sniffing being proper network design (use switches/vlans/etc) and
> not turning off bpf, but I'm not the one you need to convince here. :-)

Switches won't help (unless you turn learning off and manually
configure every Ethernet address in your entire network into every
switch). All an attacker has to do to sniff your packets is to send
packets pretending to be you, thereby causing the switches to learn
the attacker's location.

-GAWollman

--
Garrett A. Wollman   | O Siem / We are all family / O Siem / We're all the same
wollman@lcs.mit.edu  | O Siem / The fires of freedom
Opinions not those of| Dance in the burning flame
MIT, LCS, CRS, or NSA|                     - Susan Aglukark and Chad Irschick
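
The switch learning behaviour described in the message above, replayed over a constructed frame sequence, together with a check for the port flapping that such relearning leaves behind. This is an added example, not part of the original post; the MAC addresses, port numbers, time window and threshold are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed sample: (timestamp_s, ingress_port, source_mac) as a switch sees frames.
FRAMES = [
    (0.0, 1, "00:a0:c9:11:11:11"),   # host A learned on port 1
    (0.1, 2, "00:a0:c9:22:22:22"),   # host B learned on port 2
    (1.0, 3, "00:a0:c9:11:11:11"),   # A's address now arrives on port 3
    (1.2, 1, "00:a0:c9:11:11:11"),   # the real A transmits again
    (1.5, 3, "00:a0:c9:11:11:11"),   # and the table is pulled back to port 3
    (2.0, 2, "00:a0:c9:22:22:22"),
    (40.0, 4, "00:a0:c9:22:22:22"),  # B moves once (e.g. a re-cabled host)
]

def learn(frames):
    """Replay frames through a learning table.

    Returns (final_table, moves); moves holds (time, mac, old_port, new_port)
    for every frame that made the table relearn an address on another port.
    """
    table, moves = {}, []
    for ts, port, mac in frames:
        old = table.get(mac)
        if old is not None and old != port:
            moves.append((ts, mac, old, port))
        table[mac] = port  # plain learning: the last source port wins
    return table, moves

def flapping(moves, window=5.0, threshold=3):
    """Return MACs that changed port at least `threshold` times in `window` s."""
    by_mac = defaultdict(list)
    for ts, mac, _old, _new in moves:
        by_mac[mac].append(ts)
    flagged = set()
    for mac, times in by_mac.items():
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                flagged.add(mac)
    return flagged

if __name__ == "__main__":
    table, moves = learn(FRAMES)
    for ts, mac, old, new in moves:
        print(f"t={ts:5.1f}s {mac} moved port {old} -> {new}")
    print("flapping:", sorted(flapping(moves)))
```

A single move, like host B's, is normal on a live network; repeated moves of one address between the same ports within seconds are the signal worth alerting on.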