Re: [fw-wiz] Layer 2 (stealth) firewalls - PBR?

---

• From: "Paul D. Robertson" <paul@xxxxxxxxxxxx>
• Date: Tue, 8 Apr 2008 10:10:14 -0400 (EDT)

---

On Mon, 7 Apr 2008, Darden, Patrick S. wrote:

Except that a layer two device can't tell if something is multicast or
broadcast or unicast or Anything in ipv4 or ipv6.... That's sorta the
definition of a layer two device. If it could discriminate amongst
layer 3 traffic, it would be a layer 3 device--a router, firewall, etc.

I've been doing networking since the broadband/baseband LAN thing a long
time ago, and I'm pretty cognizant of how it all works...

Layer 2 devices like switches have to forwrd layer 3 multicast packets out
ports for the multicast group, so they in essence have to peek up a layer
even though they're not "routers, firewalls, etc." They also have to
forward layer 3 broadcasts out all ports in a LAN or VLAN, once again
without being "routers, firewalls, etc."

Finally, there are alyer 2 broadcasts and layer 2 multicast addresses.
I'd suggest a Google of "layer 2 multicast addresss" for your increased
edification, and a good read of the IPv6 RFCs- because if you don't think
this stuff is going to be where "interesting" attacks and "poor
implementations" happen...

Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
paul@xxxxxxxxxxxx which may have no basis whatsoever in fact."
http://www.fluiditgroup.com/blog/pdr/
Art: http://PaulDRobertson.imagekind.com/

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

---

• Follow-Ups:
  • Re: [fw-wiz] Layer 2 (stealth) firewalls - PBR?
    • From: Patrick Darden

• References:
  • Re: [fw-wiz] Layer 2 (stealth) firewalls - PBR?
    • From: Darden, Patrick S.

• Prev by Date: Re: [fw-wiz] Layer 2 (stealth) firewalls - PBR?
• Next by Date: Re: [fw-wiz] Best way to drop forged TCP packets with RST flag set from comcast traffic shaping devices with iptables
• Previous by thread: Re: [fw-wiz] Layer 2 (stealth) firewalls - PBR?
• Next by thread: Re: [fw-wiz] Layer 2 (stealth) firewalls - PBR?
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Windows and Wi-Fi - starts well, frequency steps? ... UDP 123 differently from UDP 53. ... assuming the radio layer loss rates are less than 87.5% ... of layering violation, so I don't actually find this objectionable. ... Broadcasts really are broadcasts - you're not seeing ... (comp.protocols.time.ntp) Re: Defense in Depth ... What is meant by "layers" of security, is this: the entry points that must be ... Physical Layer - Physical access to the resources. ... attacks and other attacks that go after the software itself. ... "layer" in one long chain (lots of firewalls). ... (Security-Basics) Re: Firewalls: whats the use? ... We are thinking obviously of different firewalls here. ... machine network and an untrusted network. ... they are a separate tool that can be used to control what people ... have access to based on a SEPARATE OSI Layer. ... (comp.os.linux.security) Re: Maximum MAC multicast filters? --clarified-- ... > I want to subscribe to lots of layer 3 multicast groups. ... many NICs use an imperfect hash to filter ... (comp.dcom.lans.ethernet) Re: Layer 7 firewall Vs Stateful packet inspection firewall ... CheckPoint provides ... or 4th (TCP/IP) layer depending upon the model we're referring to. ... >> For simplistic discussion there are two primary types of firewalls. ... (comp.security.firewalls)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > Firewall-Wizards  > 2008-04