Also Sprach Jason Lewis:
> While we are on the subject..... Care to go into detail about why
> VLAN's shouldn't be assumed to be secure either? I can't tell you
> how many "discussions" I have had why the firewall shouldn't be in
> just another VLAN off the 6509.
> I am sure the list would benefit.
I'd like to know. My impression was that tagged-VLANs could be
subverted; I think there was a paper written on it and possibly
exploit code published. But manually-configured VLANs seem secure,
unless the switch management software is subverted and the VLAN
configuration mucked with.
Wil
--
W. Reilly Cooley [EMAIL PROTECTED]
Naked Ape Consulting http://nakedape.cc
irc.linux.com #orlug,#pdxlug,#lnxs
The public demands certainties; it must be told definitely and a bit
raucously that this is true and that is false. But there are no certainties.
-- H.L. Mencken, "Prejudice"
PGP signature
