On Tue, Jun 19, 2007 at 01:47:22PM -0500, Bill Marquette wrote:

> Low-end switches have a tendency to not have enough RAM or CPU to
> handle a high-volume MAC spoofing attack and will usually end up

If the switches are behind the pfSense firewall, and the users
are trusted, will this still happen? (Okay, if the DMZ is compromised,
and an attack is launched from within).

> turning into a hub under this kind of attack, rendering your VLANs
> useless.  Plus you are relying on software to keep your network
> segregated, physical separation is easier to keep the paranoia down ;)

My day job is not exactly Fort Knox, and we do occasionally have
incidents (the best firewall is useless if people put default
accounts out, or the web application behind the firewall
is written by security naifs).

-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
