Security Basics mailing list archives
re: jeckyl hyde network
From: "Lee Burleson" <lburleso () hotmail com>
Date: Fri, 18 Apr 2003 08:27:29 -0500
It could probably be done, but it would take a manual effort to communicate with nodes that are on the same subnet but effectively not on the local Ethernet segment. I imagine that one would create local routing table entries for the destination IP address, with a gateway of the router.
So, this would be only part of an in-depth defense. I was thinking that using this feature may help you meet other operational requirements/desires.
- Lee
From: "Mada Dulate" <madadulate () hotmail com>
To: lburleso () hotmail com
Subject: re: jeckyl hyde network
Date: Wed, 16 Apr 2003 13:41:54 -0400

But... can't one VLAN communicate with the other VLAN through the router? Thank you very much for your help!

Mada

From: "Lee Burleson" <lburleso () hotmail com>
To: madadulate () hotmail com, security-basics () securityfocus com
Subject: re: jeckyl hyde network
Date: Wed, 16 Apr 2003 08:49:27 -0500

You said you have a Cisco 2900 switch ... as part of the solution, you may be able to use private VLANs to divide the trusted and untrusted ports. The local router would be on a "promiscuous" port.

In this configuration, the nodes in each community can only communicate amongst themselves but the router could communicate with all ports.

Here's a great link to explain the concept: http://www.cisco.com/en/US/products/hw/switches/ps663/products_configuration_guide_chapter09186a00800e47e2.html

Not sure if the 2900 even supports it; it may need a software upgrade to do so. If it doesn't support it, you could still learn something in the process. :)

- Lee
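The behaviour discussed in this thread, as an added Python model that is not from any poster: community ports sharing one subnet are separated at layer 2, yet a manual host route through the router on the promiscuous port carries traffic between them unless the router filters it. Port names, addresses and the `router_acl` filter are assumptions made for the illustration.

```python
# Added illustration: private-VLAN layer-2 rules plus a host's routing choice.
# Port names, addresses and the router_acl flag are constructed for the example.
from ipaddress import ip_address, ip_network

SUBNET = ip_network("192.0.2.0/24")   # constructed: one subnet shared by all ports
ROUTER = "router"

# port name -> (private-VLAN role, community id or None, IP address)
PORTS = {
    "router":     ("promiscuous", None,        ip_address("192.0.2.1")),
    "trusted1":   ("community",   "trusted",   ip_address("192.0.2.10")),
    "trusted2":   ("community",   "trusted",   ip_address("192.0.2.11")),
    "untrusted1": ("community",   "untrusted", ip_address("192.0.2.20")),
}

def l2_permits(src, dst):
    """Switch rule: a promiscuous port reaches every port; community ports reach
    their own community and promiscuous ports; isolated ports reach only promiscuous."""
    s_role, s_comm, _ = PORTS[src]
    d_role, d_comm, _ = PORTS[dst]
    if "promiscuous" in (s_role, d_role):
        return True
    return s_role == d_role == "community" and s_comm == d_comm

def deliver(src, dst, host_routes=(), router_acl=False):
    """Return how a packet from src to dst fares.
    host_routes: destinations for which src holds a manual host route via the router.
    router_acl: True if the router drops packets whose source and destination are
    both inside SUBNET (hypothetical filter on the promiscuous interface)."""
    dst_ip = PORTS[dst][2]
    if dst in host_routes:                      # manual route: frame goes to the gateway
        if not l2_permits(src, ROUTER):
            return "blocked-at-switch"
        if router_acl and PORTS[src][2] in SUBNET and dst_ip in SUBNET:
            return "blocked-at-router"
        return "via-router" if l2_permits(ROUTER, dst) else "blocked-at-switch"
    if dst_ip in SUBNET:                        # on-link: host ARPs for dst directly
        return "direct" if l2_permits(src, dst) else "blocked-at-switch"
    return "via-router"                         # off-subnet traffic uses the default gateway

if __name__ == "__main__":
    print(deliver("trusted1", "trusted2"))
    print(deliver("trusted1", "untrusted1"))
    print(deliver("untrusted1", "trusted1", host_routes={"trusted1"}))
    print(deliver("untrusted1", "trusted1", host_routes={"trusted1"}, router_acl=True))
```

The last two calls show why the private VLAN alone is only part of the defense: the switch blocks the direct path, and it takes a filter on the router to block the routed one.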