Firewall Wizards mailing list archives
Re: MAC blocking
From: Chuck Swiger <chuck () codefab com>
Date: Mon, 28 Nov 2005 17:09:32 -0500
On Nov 28, 2005, at 4:25 PM, Patrick M. Hausen wrote:
Keep in mind that employing VLANs as a means of separating zones of different trust in a firewall implementation is still a subject of some discussion - it's not quite sure whether it is safe to assume that "VLAN hopping" is definitely impossible.
I would say it's not safe to assume that VLANs can be trusted to separate traffic with complete reliability, especially if it is possible for a malicious machine to gain access to a trunk port:
http://www.sans.org/resources/idfaq/vlan.php -- -Chuck _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- MAC blocking Eric Appelboom (Nov 28)
- Re: MAC blocking Patrick M. Hausen (Nov 28)
- Re: MAC blocking Chuck Swiger (Nov 28)
- Re: MAC blocking Patrick M. Hausen (Nov 28)
- Re: MAC blocking Chuck Swiger (Nov 28)
- Re: MAC blocking Paul D. Robertson (Nov 28)
- Re: MAC blocking Chris Byrd (Nov 28)
- Re: MAC blocking Patrick M. Hausen (Nov 28)