Date: Fri, 20 Aug 1999 23:14:22 -0600
From: Wes Peters <wes@softweyr.com>
To: Cliff Skolnick <cliff@steam.com>
Cc: Bigby Findrake <bigby@shiva.eu.org>, jay d <service_account@yahoo.com>, "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net>, Evren Yurtesen <yurtesen@ispro.net.tr>, freebsd-security@FreeBSD.ORG
Subject: Re: multiple machines in the same network
Message-ID: <37BE35AE.23088FB2@softweyr.com>
References: <Pine.BSF.4.10.9908201329220.68821-100000@lazlo.internal.steam.com>

Cliff Skolnick wrote:
>
> Hacked arp code on one machine could return a broadcast or multicast
> ethernet address to an arp query for any machine.  The switch would then
> treat all traffic as broadcast sending it to every port.  Since the machine's
> TCP/IP layer would receive the packet it would still be on the network, of
> course it would be receiving and dropping a bit more.  Performance may be
> affected. :)
>
> You really want the machines on a separate segment and to be routed instead
> of switched.

No, you don't, you want them on separate VLANs, each of which is its own
broadcast domain.  Then your trick won't do anything at all.

Go read http://www.xylan.com/library/switchbook/index.html and read
"The Switching Book II."  It's a short read, and will bring you up to
date on what VLANs are and how they can protect segments of your network.
Then look around for a reasonably priced VLAN-capable switch and learn how
to use it.

<PLUG>
Check out http://www.shopper.com/prdct/721/192.html for a head start on your
shopping.  ;^)
</PLUG>

<ANTI-PLUG>
For a better price/port, see http://www.shopper.com/prdct/768/063.html
These guys are very hard to beat -- for a few more months.  ;^)
</ANTI-PLUG>

-- 
"Where am I, and what am I doing in this handbasket?"

Wes Peters
Softweyr LLC
http://softweyr.com/
wes@softweyr.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
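
A defensive check for the ARP behaviour described in the quoted message, as an added example that is not part of the original e-mail: it flags ARP packets that bind an IP address to a broadcast or multicast hardware address, with or without an 802.1Q VLAN tag. The function names, MAC addresses and 192.0.2.x addresses are constructed for illustration.

```python
import socket
import struct

ETH_P_ARP, ETH_P_8021Q = 0x0806, 0x8100
VICTIM = bytes.fromhex("020000000002")   # constructed unicast MAC

def is_group_mac(mac: bytes) -> bool:
    # I/G bit: the least significant bit of the first octet is set for
    # multicast addresses and for broadcast (ff:ff:ff:ff:ff:ff).
    return bool(mac[0] & 0x01)

def check_frame(frame: bytes):
    """Return (ip, mac) if an ARP packet claims a group MAC for an IP, else None."""
    if len(frame) < 14:
        return None
    ethertype, = struct.unpack("!H", frame[12:14])
    off = 14
    if ethertype == ETH_P_8021Q and len(frame) >= 18:   # skip one 802.1Q tag
        ethertype, = struct.unpack("!H", frame[16:18])
        off = 18
    if ethertype != ETH_P_ARP or len(frame) < off + 28:
        return None
    htype, ptype, hlen, plen, _oper, sha, spa = struct.unpack(
        "!HHBBH6s4s", frame[off:off + 18])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):  # Ethernet/IPv4 only
        return None
    # A host's own address is never a group address, so a sender hardware
    # address with the I/G bit set should not be trusted (RFC 1812, section
    # 3.3.2, gives routers the same rule for ARP replies).
    if is_group_mac(sha):
        return socket.inet_ntoa(spa), sha.hex(":")
    return None

def make_arp_reply(sha: bytes, spa: str, vlan=None) -> bytes:
    """Build a constructed in-memory test frame (not captured traffic)."""
    eth_src = bytes.fromhex("020000000001")   # constructed unicast MAC
    tag = struct.pack("!HH", ETH_P_8021Q, vlan) if vlan is not None else b""
    eth = VICTIM + eth_src + tag + struct.pack("!H", ETH_P_ARP)
    arp = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2) + sha
           + socket.inet_aton(spa) + VICTIM + socket.inet_aton("192.0.2.2"))
    return eth + arp

def demo():
    samples = [
        make_arp_reply(bytes.fromhex("020000000001"), "192.0.2.10"),
        make_arp_reply(b"\xff" * 6, "192.0.2.20"),
        make_arp_reply(bytes.fromhex("01005e000001"), "192.0.2.30", vlan=10),
    ]
    return [check_frame(f) for f in samples]
```
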