Firewall Wizards mailing list archives

RE: Connecting networks securely with a switch


From: Ben Nagy <ben.nagy () marconi com au>
Date: Thu, 14 Dec 2000 10:47:21 +1030

-----Original Message-----
[quoted from tweir - I didn't see this hit the list?]
From: "Brian Denehy" <B.Denehy () securegate net> 
Subject: Re: [fw-wiz] Connecting networks securely with a switch
Repeat after me - a switch has no security enforcing function. Throw away
the firewall, it's not doing anything for you if you bypass it. There are
known attacks against switches which can't be fixed until the protocols
(particularly 802.1q) are fixed.

Hi Brian,

Do you have any concrete attacks / examples in mind? I would really love to
be able to accurately assess risks with these kinds of scenarios, but have
never been able to point to a bug which is not a vendor error. It sounds
like you're saying that there are known, protocol-level (802.1q) attacks
which are vendor independent. If so, could you please elaborate?

Cheers,

--
Ben Nagy
Marconi Services
Network Integration Specialist
Mb: +61 414 411 520  PGP Key ID: 0x1A86E304

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards

