Full Disclosure mailing list archives
Re: vswitches: physical networks obsolete?
From: phocean <0x90 () phocean net>
Date: Sun, 06 Feb 2011 16:08:22 +0100
Hi Luigi,
vmware certifies the solution "DMZ+LAN" within a single vmware host with two vswitches.
This sounds highly questionable, especially after reading the article of Brad. The same goes with Cisco of course. So what else than the marketing guy certification can we get? Before designing an architecture, I need much more.
This is of course true until proven false, that is sending IP packets from the LAN or DMZ to Internet and viceversa bypassing the firewall protection. If you keep the netwok separated you bet that another piece of code (the firewall) could not be compromised.
Sure but in that case, this is not the same code, nor the same editor, hardware, etc. Of course there are exploits too, but the probability of having 2 exploits on totally differents devices at the same time is lower than only 1 exploit. - phocean _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- vswitches: physical networks obsolete? phocean (Feb 06)
- Re: vswitches: physical networks obsolete? Luigi Rosa (Feb 06)
- Re: vswitches: physical networks obsolete? phocean (Feb 06)
- Message not available
- Re: vswitches: physical networks obsolete? phocean (Feb 06)
- Re: vswitches: physical networks obsolete? Luigi Rosa (Feb 06)
- Re: vswitches: physical networks obsolete? phocean (Feb 06)
- Re: vswitches: physical networks obsolete? Albert R. Campa (Feb 06)
- Re: vswitches: physical networks obsolete? phocean (Feb 06)
- Re: vswitches: physical networks obsolete? phocean (Feb 06)
- Re: vswitches: physical networks obsolete? Luigi Rosa (Feb 06)
- <Possible follow-ups>
- Re: vswitches: physical networks obsolete? Elazar Broad (Feb 07)