On Tue, 16 Apr 2002, Mikael Olsson wrote:

> > Diederik Schouten wrote:
> > > What if your router has a /16 on one side, if they are able to
> > > mess with the switch connected to your routed firewall you are
> > > down anyway.
> >
> > A routed firewall generally only has one MAC entry associated with its
> > port, so the "add lots of MAC entries to the switch" stuff won't happen
> > through the routing firewall.
>
> I think that point was actually about the switch on the
> lesser-trusted side of the firewall, and, yes, that switch
> can definitely be screwed around with, the same way that
> someone could ARP spoof the default gateway and deny
> internet service to any type of firewall.
> Right, but in the case of a "filled up the CAM table" type attack...
> consider this a draw. But if your internal network needs to stay
> up independently of the internet connection (almost always true?),
> and/or you have multiple security zones (often true)?
> I claim a point! :)

This was the point I was making: layer 2 contamination of the internal
network is possible. That's just with ARP too; I wonder if the default
stuff that most bridged products pass is just ARP and IP traffic, or if
there are more interesting "through the bridge" things possible.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
[EMAIL PROTECTED]      which may have no basis whatsoever in fact."

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
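Added example, not from the thread or from any poster: a small monitor that flags the two layer-2 symptoms the exchange turns on, the default gateway's ARP binding changing to a different MAC and a single switch port learning an implausible number of MACs (CAM table pressure). The gateway address, the per-port bound and the observation records are all constructed for illustration.

```python
"""Flag gateway MAC changes and per-port MAC floods in a stream of
(switch_port, ip, mac) observations, e.g. from a sniffer on the inside
segment or a periodic switch MAC-table export. All values are made up."""

from collections import defaultdict

GATEWAY_IP = "10.0.0.1"      # assumed default gateway address (constructed)
MAX_MACS_PER_PORT = 4        # assumed sane bound for an access port (constructed)


def analyze(observations, gateway_ip=GATEWAY_IP, max_macs=MAX_MACS_PER_PORT):
    """Return alert strings; observations are (port, ip, mac) in time order."""
    alerts = []
    gateway_mac = None               # first MAC seen for the gateway IP
    macs_per_port = defaultdict(set)  # distinct MACs learned per port
    flooded_ports = set()             # ports already reported, alert once
    for port, ip, mac in observations:
        mac = mac.lower()
        # ARP spoofing symptom: the gateway IP now maps to a different MAC.
        if ip == gateway_ip:
            if gateway_mac is None:
                gateway_mac = mac
            elif mac != gateway_mac:
                alerts.append(f"gateway {ip} MAC changed {gateway_mac} -> {mac} on {port}")
                gateway_mac = mac
        # CAM-table symptom: one port keeps sourcing new MAC addresses.
        macs_per_port[port].add(mac)
        if len(macs_per_port[port]) > max_macs and port not in flooded_ports:
            flooded_ports.add(port)
            alerts.append(f"port {port} learned {len(macs_per_port[port])} MACs (> {max_macs})")
    return alerts


# Constructed sample: two normal bindings, then the gateway IP answering
# from a new MAC on port gi0/7, then a burst of fresh MACs on that port.
SAMPLE = [
    ("gi0/1", "10.0.0.1", "00:11:22:33:44:01"),
    ("gi0/2", "10.0.0.20", "00:11:22:33:44:20"),
    ("gi0/7", "10.0.0.1", "de:ad:be:ef:00:01"),
] + [("gi0/7", f"10.0.0.{100 + i}", f"de:ad:be:ef:01:{i:02x}") for i in range(6)]

if __name__ == "__main__":
    for line in analyze(SAMPLE):
        print(line)
```

On the sample this reports one gateway MAC change and one flood alert for gi0/7; a bridging firewall that forwards ARP unchanged would let both show up on the inside segment.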
