Well, for cizcoeee switches, configuring "DHCP snooping" and "Dynamic ARP inspection" could help (in order to armor switch against arp poisoning or dhcp impersonation, ie. to be better protected against sniffing on switch).
P. On 11/14/05, bofh <[EMAIL PROTECTED]> wrote: > On 11/13/05, Joachim Schipper <[EMAIL PROTECTED]> wrote: > > > > This is an attack against TCP, not SSH. TCP is not encrypted (usually - > > IPSec or somesuch, with the proper settings, could make this impossible) > > - all that's required is some sequence numbers. > > > > And yes, a really good switch configured by something who really knows > > what he's doing will protect you from this. Fail either, and there's > > > > Hi, > what kind of config is needed? Just curious, thanx. > > -Tai > > -- "Security is decided by quality" -- Theo de Raadt
