Vulnerability Development mailing list archives
Re: Vlans
From: Rainer Enders <renders () YIPES COM>
Date: Mon, 22 Jan 2001 17:59:07 -0800
However there are switches that have implemented certain countermeasures against certain attacks. But I guess you can probably always find something that they haven't thought of yet.

Rainer

-----Original Message-----
From: VULN-DEV List [mailto:VULN-DEV () SECURITYFOCUS COM] On Behalf Of Dom De Vitto
Sent: Sunday, January 21, 2001 12:53 PM
To: VULN-DEV () SECURITYFOCUS COM
Subject: Re: Vlans

Aaron D. Turner wrote:
| The basic difference is fail-safe vs. fail-open. When 'bad
| things happen' like the switch gets hammered with more packets
| than it can deal with, how does it respond? There's no industry
| standard to specify how switches or other devices should deal with
| these kinds of situations.

Aaron is quite right, and frankly it's exactly his point that makes people so angry and shocked when they realise that the (expensive) switch they use just ain't secure one eenie-weenie bit.

To counter Aaron though, the industry standard is the marketing hype about backbone throughput, latency, bla, bla - the marketing monkeys would have you believe that speed is everything. Why else does a favorite switch maker have 3 levels of decoding the frames, with only the last actually confirming that the frame isn't corrupt?

If you've ever seen a switch die under the load of flooding frames that start 'BAD' (in hex), you'll know why things happening ever so fast isn't so good when your switch (and trading-floor LAN) is crashing.

Dom

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Dom De Vitto                  Secure Technologies Ltd.
mailto:dom devitto.com        Mob. 07971 589 201
http://www.devitto.com        Fax. 08700 548 750
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
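The fail-safe vs. fail-open distinction Aaron raises and Rainer and Dom discuss above can be made concrete with a small model. What follows is an added example written for this archive page, not code from any of the posters or from any real switch: a toy learning switch whose MAC table has a fixed size, run under two policies when a port floods it with more source addresses than it can hold. "fail-open" evicts old entries and keeps learning, so unicast traffic between legitimate hosts ends up flooded to every port (including the flooder's); "fail-safe" stops learning and shuts the offending port. All MAC addresses, port numbers, table sizes and policy names are constructed for the demonstration.

```python
"""Toy model of a learning switch under MAC-table exhaustion.

Constructed example for the fail-open vs. fail-safe question from the
thread; it does not model any particular vendor's switch.
"""
from collections import OrderedDict
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    src: str
    dst: str
    in_port: int


@dataclass
class Switch:
    ports: int
    table_size: int
    policy: str                       # "fail-open" or "fail-safe"
    cam: OrderedDict = field(default_factory=OrderedDict)   # MAC -> port, LRU order
    shutdown_ports: set = field(default_factory=set)

    def learn(self, frame: Frame) -> bool:
        """Record frame.src on frame.in_port. Returns False if learning was refused."""
        if frame.src in self.cam:
            self.cam.move_to_end(frame.src)
            self.cam[frame.src] = frame.in_port
            return True
        if len(self.cam) < self.table_size:
            self.cam[frame.src] = frame.in_port
            return True
        if self.policy == "fail-open":
            # Table full: evict the least recently seen entry and keep learning.
            # Legitimate hosts get pushed out and their traffic is flooded.
            self.cam.popitem(last=False)
            self.cam[frame.src] = frame.in_port
            return True
        # fail-safe: refuse to learn and disable the port that overflowed the table
        # (the behaviour of a "port security" style countermeasure).
        self.shutdown_ports.add(frame.in_port)
        return False

    def forward(self, frame: Frame) -> set:
        """Return the set of egress ports the frame is sent out of."""
        if frame.in_port in self.shutdown_ports:
            return set()
        self.learn(frame)
        if frame.in_port in self.shutdown_ports:
            return set()                      # the frame that tripped fail-safe is dropped
        if frame.dst == BROADCAST or frame.dst not in self.cam:
            # Unknown destination: flood out of every port except the ingress port.
            return {p for p in range(self.ports) if p != frame.in_port}
        out = self.cam[frame.dst]
        return set() if out == frame.in_port else {out}


HOST_A = "aa:aa:aa:aa:aa:01"   # constructed, on port 0
HOST_B = "bb:bb:bb:bb:bb:02"   # constructed, on port 1


def simulate(policy: str, bogus_frames: int = 50) -> set:
    """Fill the table from port 3, then report where a later A->B unicast frame goes."""
    sw = Switch(ports=4, table_size=16, policy=policy)
    # A and B exchange frames first, so the switch learns both of them.
    sw.forward(Frame(HOST_A, HOST_B, 0))
    sw.forward(Frame(HOST_B, HOST_A, 1))
    # Port 3 then sends many frames, each with a different (constructed) source MAC.
    for i in range(bogus_frames):
        bogus = f"de:ad:be:ef:{(i // 256):02x}:{(i % 256):02x}"
        sw.forward(Frame(bogus, BROADCAST, 3))
    # Under fail-open the A and B entries have been evicted, so this unicast
    # frame is flooded to ports 1, 2 and 3; under fail-safe it goes only to port 1.
    return sw.forward(Frame(HOST_A, HOST_B, 0))


if __name__ == "__main__":
    for policy in ("fail-open", "fail-safe"):
        print(f"{policy:9s}: A->B unicast egress ports = {sorted(simulate(policy))}")
```

The point the model makes is Aaron's: nothing in the frame format or the forwarding rules forces either behaviour, so which one you get under overload is a design choice of the switch vendor, and with the fail-open choice the "switch" quietly turns into a hub exactly when someone is hammering it.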