
Re: arpwatch and more



On Fri, 16 Mar 2001 13:05:06 -0800, Mike Fedyk <mfedyk@matchmail.com>
wrote:
>On Fri, Mar 16, 2001 at 09:24:56PM +0100, Marc Haber wrote:
>> Please be aware, though, that the MAC address is trivial to forge
>> nowadays.
>Hmm, how does a switch deal with the same mac address coming from two ports
>at the same time?

It will probably flap. MAC address forging will only work if the host
that owns the forged MAC is switched off or disabled in some other
way.

>Does that mean that we've lost the added security from ethernet switches?  I
>can see that if a switch was fooled into sending traffic to two ports that
>could be a security problem, if security depends on the switching function.

Using a non-VLANned switch for security is a bad idea IMO.

Greetings
Marc

-- 
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber          |   " Questions are the         | Mail address in header
Karlsruhe, Germany  |     Beginning of Wisdom "     | Fon: *49 721 966 32 15
Nordisch by Nature  | Lt. Worf, TNG "Rightful Heir" | Fax: *49 721 966 31 29
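
The flapping mentioned in the message above is something a defender can watch for: a MAC address that keeps moving between switch ports while its real owner is still active. The following is an added example, not part of the original message; the event format, the sample data, and the `find_flapping` name and thresholds are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed MAC-learning events: (seconds, MAC, switch port).
# Not taken from a real switch; a real feed would come from syslog or SNMP.
EVENTS = [
    (0.0,   "02:00:00:00:00:01", "port1"),
    (1.0,   "02:00:00:00:00:02", "port3"),
    (2.0,   "02:00:00:00:00:01", "port7"),   # same MAC seen on a second port
    (2.5,   "02:00:00:00:00:01", "port1"),   # real owner transmits again
    (3.1,   "02:00:00:00:00:01", "port7"),   # and it moves back: flapping
    (400.0, "02:00:00:00:00:02", "port4"),   # single move, e.g. host re-cabled
]


def find_flapping(events, window=10.0, min_moves=3):
    """Return {mac: sorted ports} for every MAC that changed port at
    least `min_moves` times within `window` seconds."""
    last_port = {}
    moves = defaultdict(list)      # mac -> [(time, old_port, new_port)]
    flapping = defaultdict(set)
    for ts, mac, port in sorted(events):
        mac = mac.lower()
        prev = last_port.get(mac)
        last_port[mac] = port
        if prev is None or prev == port:
            continue               # first sighting, or no port change
        moves[mac].append((ts, prev, port))
        # Keep only the port changes that fall inside the time window.
        moves[mac] = [m for m in moves[mac] if ts - m[0] <= window]
        if len(moves[mac]) >= min_moves:
            for _, old, new in moves[mac]:
                flapping[mac].update((old, new))
    return {mac: sorted(ports) for mac, ports in flapping.items()}


if __name__ == "__main__":
    for mac, ports in find_flapping(EVENTS).items():
        print(f"{mac} is flapping between {', '.join(ports)}")
```

A single port change, like the second host's, stays below the threshold, so ordinary re-cabling does not raise an alert.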


