On Wed, Jun 20, 2007 at 01:50:10PM -0400, Chris Buechler wrote:
> Any switch's CAM table can be overflowed by directly connected users,
> but good switches won't fully turn into a hub in that scenario. Good
> switches keep one CAM table per VLAN, and in the case of overflow, only
> the overflow
Bill Marquette wrote:
Low end switches have a tendency to not have enough ram or cpu to
handle a high volume mac spoofing attack and will usually end up
turning into a hub under this kind of attack, rendering your vlans
useless.
Any switch's CAM table can be overflowed by directly connected us
> Ahh, see there's your first problem. You trust your users :) I don't
> even trust myself, I'm certainly not about to trust my users :) At
> any rate, sounds like you don't have a solid need for the physical
> separation, it's best practice, but not always the right answer to the
> problem at
On 6/19/07, Eugen Leitl <[EMAIL PROTECTED]> wrote:
On Tue, Jun 19, 2007 at 01:47:22PM -0500, Bill Marquette wrote:
> Low end switches have a tendency to not have enough ram or cpu to
> handle a high volume mac spoofing attack and will usually end up
If the switches are behind the pfsense firewa
On Tue, Jun 19, 2007 at 01:47:22PM -0500, Bill Marquette wrote:
> Low end switches have a tendency to not have enough ram or cpu to
> handle a high volume mac spoofing attack and will usually end up
If the switches are behind the pfsense firewall, and the users
are trusted, will this still happen
On 6/19/07, Greg Hennessy <[EMAIL PROTECTED]> wrote:
> > Mixing different trust levels on the same switch is rather frowned upon.
>
> Because of potential vulnerabilities in the switch OS, allowing an
> attacker to reassign VLANs?
Yes. The switch may be in a locked cabinet/cage, but never say
> > Who do you propose to bribe @ RIPE to get a /24 ? Can you pass me their
> > details via pm :-)
>
> Well, it's just 256 addresses, which is not excessive.
I remember those days :-). It was 1994 (cue the flashback LOL).
> I have a /24
> myself (thinly populated so far, but vservers can
On Tue, Jun 19, 2007 at 10:40:12AM +0100, Greg Hennessy wrote:
> >
> > Quick question, assuming I can get a /24 public network,
>
> Who do you propose to bribe @ RIPE to get a /24 ? Can you pass me their
> details via pm :-)
Well, it's just 256 addresses, which is not excessive. I have a /24
my
>
> Quick question, assuming I can get a /24 public network,
Who do you propose to bribe @ RIPE to get a /24 ? Can you pass me their
details via pm :-)
> and have
> a private /24 address (quite densely occupied), does it have any
> advantages,
> from the firewall simplicity point of view, or sh
Quick question, assuming I can get a /24 public network, and have
a private /24 address (quite densely occupied), does it have any advantages,
from the firewall simplicity point of view, or should I get for
a smaller network (say, /26)?
Some of the LAN machines need to have no access to the Inte