Re: False security in switches and a little more Rconsole.

[peter.jeremy () AUSS2 ALCATEL COM AU (Peter Jeremy)]

Chris Zagar <zagar () GCINFO GC MARICOPA EDU> wrote:
> > Ok, heres a very simple solution:  Buy a switch.
>
> Actually, switches do help, but they also run the risk of people actually
> believing that their switched connections are private, lulling you into a
> false sense of security.

[Description of port monitoring facilities deleted]

And quite apart from the documented and intentional port monitoring
facilities, the switch may leak packets.

I have a number of systems attached via switch ports to our backbone
(for traffic purposes).  Last year I took some traffic samples from a
machine connected to one brand of switch.  I recently repeated the
test with a different brand of switch.  In both cases, there were
about 2 packets per second (around 2% of the segment traffic) that
were unicast, and not intended for the machine that received them.

Moral: Don't rely on your switch for security.

Peter
--
Peter Jeremy (VK2PJ)                    peter.jeremy () alcatel com au
Alcatel Australia Limited
41 Mandible St                          Phone: +61 2 9690 5019
ALEXANDRIA  NSW  2015                   Fax:   +61 2 9690 5247