Firewall Wizards mailing list archives
Re: Q on external router
From: Peter Jeremy <peter.jeremy () alcatel com au>
Date: Fri, 24 Apr 1998 07:16:24 +1000 (EST)
On Thu, 23 Apr 1998 03:25:14 -0400 (EDT), Adam Shostack <adam () homeport org> wrote:
Vinci Chou wrote:
| I am wondering if any one can share his/her experience of using a switch
| in the DMZ.

Do not rely on switches because switches are not designed for security.

Whilst I don't use switches in a DMZ, I do have a datapoint from an internal system I administer. I once took some measurements and found that 2.2% of the packets received by a machine on its own switchport were unicast packets not intended for it (based on 9 1/2 hours of measurements, capturing just over 4e6 packets). Since I was looking at performance, rather than security, I didn't bother examining the unexpected packets in detail.

Peter
--
Peter Jeremy (VK2PJ) peter.jeremy () alcatel com au
Alcatel Australia Limited
41 Mandible St Phone: +61 2 9690 5019
ALEXANDRIA NSW 2015 Fax: +61 2 9690 5247