Re: RFC/Discuss: Replace KDE by LXDE on LTSP?
On Torsdag 30. april 2009, Vagrant Cascadian wrote:
> as i understand it, it is actually trivial to packet sniff on switches,
> and provides no real security benefit. all you have to do is enable
> promiscuous mode on your ethernet device, no?
It's a difference, explained in this article at net-security.org (Dec
2003):
Packet sniffing is a technique of monitoring network traffic. It is effective
on both switched and nonswitched networks. In a non-switched network
environment packet sniffing is an easy thing to do. This is because network
traffic is sent to a hub which broadcasts it to everyone. Switched networks
are completely different in the way they operate.
Switches work by sending traffic to the destination host only. This happens
because switches have CAM tables. These tables store information like MAC
addresses, switch ports, and VLAN information. Before sending traffic from
one host to another on the same local area network, the host ARP cache is
first checked. The ARP cache is a table that stores both Layer 2 (MAC)
addresses and Layer 3 (IP) addresses of hosts on the local network. If the
destination host isn’t in the ARP cache, the source host sends a broadcast
ARP request looking for the host. When the host replies, the traffic can be
sent to it. The traffic goes from the source host to the switch, and then
directly to the destination host. This description shows that traffic isn’t
broadcast out to every host, but only to the destination host, therefore
it’s harder to sniff traffic.
http://www.net-security.org/article.php?id=615
As the article explains switches handles traffic differently and to the
destination host only. Hubs are broadcasting their packages to all hosts.
Depending on the level of security you want in a school, switching gives
you a better starting point preventing package sniffing compared with hubs.
Best regards
Knut Yrvin
--
Skolelinux, relation manager
cell: + 47 934 79 561, phone: +47 21 60 27 58
http://www.skolelinux.no
Reply to: