Date: Wed, 28 Jul 1999 12:20:50 -0700
From: "Jordan K. Hubbard" <jkh@zippy.cdrom.com>
To: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
Cc: net@FreeBSD.ORG
Subject: Re: cvs commit: src/release/sysinstall tcpip.c
Message-ID: <6624.933189650@zippy.cdrom.com>
In-Reply-To: Your message of "Wed, 28 Jul 1999 11:44:42 EDT." <199907281544.LAA09659@khavrinen.lcs.mit.edu>

> Switches won't help (unless you turn learning off and manually
> configure every Ethernet address in your entire network into every
> switch). All an attacker has to do to sniff your packets is to send
> packets pretending to be you, thereby causing the switches to learn
> the attacker's location.

Gah. Is there any functionality reason why a switch would *need* to
behave like that? I'm not going to argue the point that this
constitutes a current vulnerability for switches, but I am wondering
why it could be considered anything short of brain-damaged for a
switch's learning algorithm to behave that way. Sure, let me swap
ports, but unlearn the old port assignment before doing so and don't
just bridge the two together, as you say, is my general feeling here.
Why do switches do this?

- Jordan
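
The learning behaviour discussed in this message, as an added example that is not part of the original e-mail: a toy Python model of a learning switch that relearns a source address on whichever port it was last seen, with a check that flags an address moving between ports inside a short window. The port numbers, MAC addresses, frame sequence and the 5-second window are constructed assumptions.

```python
from dataclasses import dataclass, field

PORTS = (1, 2, 3)                      # constructed three-port switch
HOST_A, HOST_B = "02:00:00:00:00:0a", "02:00:00:00:00:0b"  # constructed MACs

@dataclass
class LearningSwitch:
    flap_window: float = 5.0           # assumed alert threshold, in seconds
    table: dict = field(default_factory=dict)   # MAC -> (port, last_seen)
    alerts: list = field(default_factory=list)  # (time, mac, old_port, new_port)

    def receive(self, t, port, src, dst):
        """Learn src on the ingress port, then return the egress ports for dst."""
        old = self.table.get(src)
        if old and old[0] != port and t - old[1] < self.flap_window:
            # Same source MAC on a different port moments later: could be a
            # station move, but this fast it deserves an operator's attention.
            self.alerts.append((t, src, old[0], port))
        self.table[src] = (port, t)    # relearn: the newest port wins
        hit = self.table.get(dst)
        if hit is None:                # unknown destination: flood
            return {p for p in PORTS if p != port}
        return {hit[0]} - {port}       # known: forward to the learned port only

# Constructed frame sequence: (time, ingress port, source MAC, destination MAC).
FRAMES = [
    (0.0, 1, HOST_A, HOST_B),   # A talks from port 1
    (0.1, 2, HOST_B, HOST_A),   # B replies from port 2
    (1.0, 3, HOST_A, HOST_B),   # port 3 sends a frame carrying A's address
    (1.1, 2, HOST_B, HOST_A),   # B's next frame for A now leaves on port 3
    (1.5, 1, HOST_A, HOST_B),   # the real A transmits and the entry flips back
]

def run_demo():
    sw = LearningSwitch()
    egress = [sw.receive(*frame) for frame in FRAMES]
    return egress, sw.alerts

if __name__ == "__main__":
    egress, alerts = run_demo()
    for frame, out in zip(FRAMES, egress):
        print(frame, "->", sorted(out))
    for alert in alerts:
        print("MAC move:", alert)
```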