Security Incidents mailing list archives
VS: Why can I see other traffic at switch environment just tcpdump?
From: "Toni Heinonen" <Toni.Heinonen () teleware fi>
Date: Wed, 9 Oct 2002 11:30:32 +0300
Switches should not be relied on as a security mechanism unless the switch specifically has (and has been configured to use) port security by the use of static assignment of MAC addresses to ports.
And rarely even then, as you can simply connect your computer with a cross-linked cable to a legal workstation, sniff the MAC address, and configure that to be your addy. If you get physical access to the network, you most likely can do this, too. We can never get perfect security, but we can raise the bar. At least now we've made the passive eavesdropper active, so s/he can be detected, at least a lot easier than a regular eavesdropper. I'd recommend a good PKI.
Kelly
Warm regards,
--
Toni Heinonen, Teleware Oy
Wireless +358 (40) 836 1815
Telephone +358 (9) 3434 9123
toni.heinonen () teleware fi
www.teleware.fi
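An added example, not part of the original message: one way the "active" eavesdropper described above can surface in switch telemetry. It assumes a hypothetical event feed of link and MAC-learn records and a static port-to-MAC table. All port names, MAC addresses and events are constructed.

```python
from collections import namedtuple

# Hypothetical event record; kind is "down", "up" or "learn".
Event = namedtuple("Event", "ts port kind mac")

# Constructed static port-security table: port -> the only MAC allowed on it.
STATIC = {"Fa0/1": "00:11:22:33:44:01", "Fa0/2": "00:11:22:33:44:02"}

# Constructed switch events (timestamps in seconds); not from a real device.
EVENTS = [
    Event(10, "Fa0/1", "learn", "00:11:22:33:44:01"),
    Event(12, "Fa0/2", "learn", "00:11:22:33:44:02"),
    Event(500, "Fa0/2", "down", None),
    Event(530, "Fa0/2", "up", None),
    Event(531, "Fa0/2", "learn", "00:11:22:33:44:02"),  # allowed MAC after a re-plug
    Event(900, "Fa0/1", "learn", "de:ad:be:ef:00:99"),  # MAC not assigned to this port
]

def find_suspicious(events, static, window=120):
    """Return (ts, port, reason, mac) findings.

    mac_mismatch    - a MAC other than the statically assigned one was learned;
                      this is what port security itself would catch.
    replug_same_mac - the assigned MAC reappeared within `window` seconds of a
                      link down/up cycle. A cloned MAC passes port security, so
                      the physical re-plug is the only trace. A reboot looks the
                      same, so treat it as a lead to correlate, not as proof.
    """
    findings = []
    went_down = set()   # ports currently down
    relinked = {}       # port -> timestamp of link-up that followed a link-down
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "down":
            went_down.add(ev.port)
        elif ev.kind == "up" and ev.port in went_down:
            went_down.discard(ev.port)
            relinked[ev.port] = ev.ts
        elif ev.kind == "learn":
            allowed = static.get(ev.port)
            if allowed is None or ev.mac.lower() != allowed.lower():
                findings.append((ev.ts, ev.port, "mac_mismatch", ev.mac))
            elif ev.port in relinked and ev.ts - relinked.pop(ev.port) <= window:
                findings.append((ev.ts, ev.port, "replug_same_mac", ev.mac))
    return findings

if __name__ == "__main__":
    for finding in find_suspicious(EVENTS, STATIC):
        print(finding)
```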