Re: [fw-wiz] MAC blocking
From: Chuck Swiger (chuck_at_codefab.com)
Date: 11/28/05
- Previous message: Paul D. Robertson: "Re: [fw-wiz] MAC blocking"
- In reply to: Patrick M. Hausen: "Re: [fw-wiz] MAC blocking"
- Next in thread: Patrick M. Hausen: "Re: [fw-wiz] MAC blocking"
- Reply: Patrick M. Hausen: "Re: [fw-wiz] MAC blocking"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "Patrick M. Hausen" <hausen@punkt.de>
Date: Mon, 28 Nov 2005 17:09:32 -0500
On Nov 28, 2005, at 4:25 PM, Patrick M. Hausen wrote:
> Keep in mind that employing VLANs as a means of separating zones
> of different trust in a firewall implementation is still a subject
> of some discussion - it's not quite sure whether it is safe to assume
> that "VLAN hopping" is definitely impossible.
I would say it's not safe to assume that VLANs can be trusted to
separate traffic with complete reliability, especially if it is
possible for a malicious machine to gain access to a trunk port:
http://www.sans.org/resources/idfaq/vlan.php
--
-Chuck
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards