Firewall Wizards mailing list archives

Re: Outsourcing firewalls & InfoSec Ops - Part I/II


From: "Paul D. Robertson" <proberts () clark net>
Date: Wed, 17 Dec 1997 09:53:43 -0500 (EST)

On Tue, 16 Dec 1997, chuck yerkes wrote:

> With ISP's (that I would work with) who will host machines (or
> give me full access to one of theirs), in my experience these
> machines are on separate segments and usually on a switch - so
> sniffing from "my" machine becomes somewhat useless.

While that is generally true of customer machines these days, it is not
always true of employee-owned machines.  While some places manage and
have policies for employee-owned machines just like customer ones, others
turn a blind eye and treat it as an undocumented feature of employment
(or aren't aware of it at all), and they end up on a spare hub, not an
expensive switch.

Also, in a dynamically routed environment, LAN sniffing isn't necessary if you
can participate in or hijack routing.

We haven't started switching internally, so I don't know for sure (anyone?),
but I wouldn't be surprised if most switches handed off the multicast
addresses involved in things like OSPF to all ports by default either.

Anyway, it's part of the risk model that I use for service providers, YMMV.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () clark net      which may have no basis whatsoever in fact."
                                                                     PSB#9280
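The routing-hijack point above is easy to check for in practice: OSPFv2 Hellos are multicast to 224.0.0.5, so any host that sees them can tell whether the area will let a stranger form an adjacency. The following is an added example (editor's code, not part of Paul's message or anything on the list) that builds a few constructed Hello packets and audits their authentication type and checksum per RFC 2328; the packets are synthetic test data, not captured traffic, and the `build_hello`/`audit` names are this example's own.

```python
"""Parse OSPFv2 Hello packets and flag segments where a rogue host could
join routing.  Sample packets are constructed here, not captured."""
import struct
import ipaddress

OSPF_HELLO = 1
AU_NULL, AU_SIMPLE, AU_CRYPTO = 0, 1, 2          # AuType values, RFC 2328 A.3.1
AU_NAMES = {AU_NULL: "null", AU_SIMPLE: "simple-password", AU_CRYPTO: "cryptographic"}
ALL_SPF_ROUTERS = "224.0.0.5"                    # multicast group Hellos go to


def internet_checksum(data: bytes) -> int:
    """One's-complement 16-bit checksum used by the OSPF header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum((data[i] << 8) | data[i + 1] for i in range(0, len(data), 2))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_hello(router_id, area_id, autype=AU_NULL, auth=bytes(8),
                netmask="255.255.255.0", hello_interval=10, dead_interval=40,
                neighbors=()):
    """Construct a synthetic OSPFv2 Hello (24-byte header + Hello body)."""
    ip = lambda s: ipaddress.IPv4Address(s).packed
    body = struct.pack("!4sHBBI4s4s", ip(netmask), hello_interval, 0x02, 1,
                       dead_interval, bytes(4), bytes(4))     # options=E, prio=1, no DR/BDR
    body += b"".join(ip(n) for n in neighbors)
    length = 24 + len(body)
    head = struct.pack("!BBH4s4sHH", 2, OSPF_HELLO, length, ip(router_id),
                       ip(area_id), 0, autype)
    # RFC 2328 D.4.1: checksum covers the packet minus the 64-bit auth field;
    # with cryptographic authentication the checksum field stays zero.
    cksum = 0 if autype == AU_CRYPTO else internet_checksum(head + body)
    head = head[:12] + struct.pack("!H", cksum) + head[14:]
    return head + auth + body


def parse_hello(pkt: bytes) -> dict:
    """Decode header and Hello body; raise ValueError on anything malformed."""
    if len(pkt) < 44:
        raise ValueError("too short for an OSPFv2 Hello")
    ver, ptype, length, rid, aid, cksum, autype = struct.unpack("!BBH4s4sHH", pkt[:16])
    if ver != 2 or ptype != OSPF_HELLO:
        raise ValueError(f"not an OSPFv2 Hello (version={ver}, type={ptype})")
    if length < 44 or length > len(pkt):
        raise ValueError("declared length does not fit the packet")
    pkt = pkt[:length]
    mask, hello_int, options, prio, dead_int, dr, bdr = struct.unpack("!4sHBBI4s4s", pkt[24:44])
    neighbors = [str(ipaddress.IPv4Address(pkt[i:i + 4]))
                 for i in range(44, length, 4) if i + 4 <= length]
    if autype == AU_CRYPTO:
        checksum_ok = cksum == 0
    else:  # recompute with the checksum field zeroed and the auth field skipped
        checksum_ok = internet_checksum(pkt[:12] + b"\x00\x00" + pkt[14:16] + pkt[24:]) == cksum
    return {
        "router_id": str(ipaddress.IPv4Address(rid)),
        "area_id": str(ipaddress.IPv4Address(aid)),
        "autype": autype, "auth_name": AU_NAMES.get(autype, "unknown"),
        "auth": pkt[16:24], "checksum_ok": checksum_ok,
        "hello_interval": hello_int, "dead_interval": dead_int,
        "neighbors": neighbors,
    }


def audit(pkt: bytes) -> list:
    """Findings that matter to a host sharing the segment with this router."""
    h = parse_hello(pkt)
    findings = []
    if not h["checksum_ok"]:
        findings.append("bad checksum")
    if h["autype"] == AU_NULL:
        findings.append(f"area {h['area_id']}: null authentication, any host receiving "
                        f"{ALL_SPF_ROUTERS} can form an adjacency with {h['router_id']}")
    elif h["autype"] == AU_SIMPLE:
        pw = h["auth"].rstrip(b"\x00")
        findings.append(f"area {h['area_id']}: cleartext password {pw!r} visible "
                        f"to anyone sniffing the segment")
    return findings


if __name__ == "__main__":
    for pkt in (build_hello("10.0.0.1", "0.0.0.0"),
                build_hello("10.0.0.2", "0.0.0.1", AU_SIMPLE, b"s3cret\x00\x00"),
                build_hello("10.0.0.3", "0.0.0.0", AU_CRYPTO, bytes.fromhex("0000011000000001"))):
        print(parse_hello(pkt)["auth_name"], audit(pkt) or "ok")
```

A null or simple-password AuType is the condition under which "participate in routing" needs no LAN sniffing at all: the attacker simply answers the Hellos. Feeding real captures into `parse_hello` (e.g. from a pcap filtered on IP protocol 89) would confirm whether the switch does flood 224.0.0.5 to ordinary ports, which is the open question in the message above.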
