But what's with CAM attack? http://en.wikipedia.org/wiki/CAM_Table#Attacks
They could attack a switch, and it will act as a hub? And then they can set promiscuous mode on their cards and sniff.

--- On Fri, 12/4/09, Tyler MacDonald <ty...@macdonald.name> wrote:

From: Tyler MacDonald <ty...@macdonald.name>
Subject: Re: two questions about ssh tunneling
To: "Tudod Ki" <tudodk...@yahoo.com>
Cc: "Debian User" <debian-user@lists.debian.org>
Date: Friday, December 4, 2009, 10:13 PM

Tudod Ki <tudodk...@yahoo.com> wrote:
> if I:
>
> ssh -fND localhost:6000 someb...@192.168.56.5 -p PORTNUMBER
>
> from computer "A" to computer "B" [B = 192.168.56.5] then I can set the SOCKS
> proxy for e.g.: Firefox to use "localhost:6000" on computer "A". Ok. I can
> surf the web through "B".
>
> But:
> - Can anyone sniff the traffic of "A"? [e.g.: computers on same subnet as
>   "A"] Like DNS requests? - I think no, but I'm not sure :O

I believe when you use SOCKS, your browser stops doing DNS resolution and just hands the hostnames directly to the SOCKS server. So all they would be able to sniff is your encrypted SSH session, which they (hopefully) can't decrypt.

> - Can anyone sniff the traffic of computer "B"? e.g.: B computer is at a
>   server farm [others in the farm can see the traffic?] - I think yes, but
>   I'm not sure :O

Yes, that's possible. However, in most colocated environments, you are on a switch, not a hub -- so in that case, the attacker would have to be sniffing directly from a router to see your traffic. If you want to know for sure, ask your ISP.

- Tyler
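Whether DNS lookups stay on "A" or travel through the tunnel is visible in the SOCKS request the client sends to localhost:6000: a request carrying a hostname means the proxy side resolves it, one carrying a literal IP means the client already resolved it locally. The following is an added example, not part of the thread; the function name and the sample request bytes are constructed for illustration.

```python
import ipaddress
import struct

def classify_socks_request(data: bytes) -> dict:
    """Parse one SOCKS client request (the message after SOCKS5 method
    negotiation, or the single SOCKS4/4a request) and report whether the
    client or the proxy performs the DNS lookup."""
    if len(data) < 2:
        raise ValueError("truncated request")
    ver = data[0]
    if ver == 5:                        # RFC 1928: VER CMD RSV ATYP ADDR PORT
        if len(data) < 5:
            raise ValueError("truncated SOCKS5 request")
        atyp = data[3]
        if atyp == 0x03:                # domain name: length byte, then name
            start, size, resolver = 5, data[4], "proxy"
        elif atyp in (0x01, 0x04):      # literal IPv4 or IPv6 address
            start, size, resolver = 4, (4 if atyp == 0x01 else 16), "client"
        else:
            raise ValueError("unknown SOCKS5 address type")
        end = start + size
        if len(data) < end + 2:
            raise ValueError("truncated SOCKS5 request")
        raw = data[start:end]
        host = raw.decode("ascii", "replace") if atyp == 0x03 else str(ipaddress.ip_address(raw))
        port = struct.unpack("!H", data[end:end + 2])[0]
    elif ver == 4:                      # VER CMD PORT IP USERID NUL [HOST NUL]
        if len(data) < 9:
            raise ValueError("truncated SOCKS4 request")
        port = struct.unpack("!H", data[2:4])[0]
        ip, fields = data[4:8], data[8:].split(b"\x00")
        if ip[:3] == b"\x00\x00\x00" and ip[3] != 0:   # SOCKS4a marker 0.0.0.x
            if len(fields) < 3:
                raise ValueError("truncated SOCKS4a request")
            host, resolver = fields[1].decode("ascii", "replace"), "proxy"
        else:                           # plain SOCKS4 can only carry an IP
            host, resolver = str(ipaddress.ip_address(ip)), "client"
    else:
        raise ValueError("not a SOCKS4/5 request")
    return {"version": ver, "host": host, "port": port, "dns_resolved_by": resolver}

# Constructed sample requests (not captured traffic).
S5_DOMAIN = b"\x05\x01\x00\x03" + bytes([11]) + b"example.org" + b"\x01\xbb"
S5_IPV4 = b"\x05\x01\x00\x01" + bytes([192, 0, 2, 10]) + b"\x01\xbb"
S4A = b"\x04\x01\x00\x50\x00\x00\x00\x01" + b"user\x00" + b"example.org\x00"

if __name__ == "__main__":
    for sample in (S5_DOMAIN, S5_IPV4, S4A):
        print(classify_socks_request(sample))
```

A result of `dns_resolved_by: client` for a site reached by name means the name was looked up outside the tunnel, where hosts on A's subnet could observe the query.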