Re: arpwatch and more

To: debian-isp@lists.debian.org
Subject: Re: arpwatch and more
From: Marc Haber <debian-isp.lists.debian.org@marc-haber.de>
Date: Sat, 17 Mar 2001 10:50:20 +0100
Message-id: <[🔎] E14eDLo-0000K9-00@torres.ka0.zugschlus.de>
In-reply-to: <[🔎] 20010316130506.A15997@mikef-linux-x86>
References: <[🔎] 200103161728.MAA05966@announce.com> <[🔎] E14e0mO-00007G-00@torres.ka0.zugschlus.de> <[🔎] 20010316130506.A15997@mikef-linux-x86>

On Fri, 16 Mar 2001 13:05:06 -0800, Mike Fedyk <mfedyk@matchmail.com>
wrote:
>On Fri, Mar 16, 2001 at 09:24:56PM +0100, Marc Haber wrote:
>> Please be aware, though, that the MAC address is trivial to forge
>> nowadays.
>Hmm, how does a switch deal with the same mac address coming from two ports
>at the same time?

It will probably flap. MAC address forging will only work if the host
that owns the forged MAC is switched off or disabled in some other
way.

>Does that mean that we've lost the added security from ethernet switches?  I
>can see that if a switch was fooled into sending traffic to two ports that
>could be a security problem, if security depends on the switching function.

Using a non-VLANned switch for security is a bad idea IMO.

Greeetings
Marc

-- 
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber          |   " Questions are the         | Mailadresse im Header
Karlsruhe, Germany  |     Beginning of Wisdom "     | Fon: *49 721 966 32 15
Nordisch by Nature  | Lt. Worf, TNG "Rightful Heir" | Fax: *49 721 966 31 29

Reply to:

Follow-Ups:
- Re: arpwatch and more
  - From: "Tim Kent" <tim@rendrag.net>

References:
- arpwatch and more
  - From: Allen Ahoffman <ahoffman@announce.com>
- Re: arpwatch and more
  - From: Marc Haber <debian-isp.lists.debian.org@marc-haber.de>
- Re: arpwatch and more
  - From: Mike Fedyk <mfedyk@matchmail.com>

Prev by Date: Re: Remote shutdown ... of Win95
Next by Date: making own dep packages
Previous by thread: Re: arpwatch and more
Next by thread: Re: arpwatch and more
Index(es):
- Date
- Thread