From: "Jordan K. Hubbard"
To: Garrett Wollman
Cc: net@FreeBSD.ORG
Subject: Re: cvs commit: src/release/sysinstall tcpip.c
In-reply-to: Your message of "Wed, 28 Jul 1999 11:44:42 EDT." <199907281544.LAA09659@khavrinen.lcs.mit.edu>
Date: Wed, 28 Jul 1999 12:20:50 -0700
Message-ID: <6624.933189650@zippy.cdrom.com>

> Switches won't help (unless you turn learning off and manually
> configure every Ethernet address in your entire network into every
> switch). All an attacker has to do to sniff your packets is to send
> packets pretending to be you, thereby causing the switches to learn
> the attacker's location.

Gah. Is there any functionality reason why a switch would *need* to behave like that? I'm not going to argue the point that this constitutes a current vulnerability for switches, but I am wondering why it could be considered anything short of brain-damaged for a switch's learning algorithm to behave that way. Sure, let me swap ports, but unlearn the old port assignment before doing so and don't just bridge the two together, as you say, is my general feeling here. Why do switches do this?

- Jordan
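The learning behaviour the quoted paragraph describes, with the check a defender would want on top of it (a MAC moving between ports faster than a host could plausibly be re-cabled), as an added example that is not part of the thread. The switch model, the MAC addresses, the frame sequence and the 5-second flap window are all constructed assumptions, not anything from the mailing list.

```python
"""Minimal learning switch plus a MAC-move monitor (constructed example)."""
from dataclasses import dataclass, field


@dataclass
class Frame:
    src_mac: str
    dst_mac: str
    in_port: int
    t: float  # arrival time in seconds (constructed)


@dataclass
class LearningSwitch:
    ports: int                      # ports are numbered 1..ports
    flap_window: float = 5.0        # assumed: a move faster than this is suspicious
    table: dict = field(default_factory=dict)   # mac -> (port, last_seen)
    alerts: list = field(default_factory=list)  # (mac, old_port, new_port, t)

    def handle(self, f: Frame) -> list:
        """Learn f.src_mac on f.in_port (last sender wins, exactly the behaviour
        the thread complains about), record a flap if the MAC just moved, and
        return the list of ports the frame is forwarded to."""
        prev = self.table.get(f.src_mac)
        if prev and prev[0] != f.in_port and f.t - prev[1] < self.flap_window:
            self.alerts.append((f.src_mac, prev[0], f.in_port, f.t))
        self.table[f.src_mac] = (f.in_port, f.t)
        known = self.table.get(f.dst_mac)
        if known is None:  # unknown destination: flood every other port
            return [p for p in range(1, self.ports + 1) if p != f.in_port]
        return [] if known[0] == f.in_port else [known[0]]


def run_scenario():
    """Host A on port 1 and host B on port 2 exchange frames; then a frame
    carrying A's source MAC arrives on port 3. Returns the per-frame output
    ports and the alerts the monitor raised."""
    sw = LearningSwitch(ports=4)
    a, b = "aa:aa:aa:aa:aa:aa", "bb:bb:bb:bb:bb:bb"   # constructed MACs
    frames = [
        Frame(a, b, 1, 0.0),  # A -> B: B unknown, flooded; A learned on port 1
        Frame(b, a, 2, 0.1),  # B -> A: delivered to port 1; B learned on port 2
        Frame(a, b, 3, 0.2),  # A's MAC seen on port 3: table moves, monitor alerts
        Frame(b, a, 2, 0.3),  # B -> A: now delivered to port 3 only, not port 1
    ]
    return [sw.handle(f) for f in frames], sw.alerts
```

The fourth frame shows why the table move is the whole problem: once the entry has moved, the original port 1 receives nothing, so the only signal left is the flap the monitor recorded.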