Re: HP BL30's and VLAN's
From: jkowall (jkowall_at_shocking.net)
Date: 03/04/05
- Previous message: David Cravshaw: "Re: UNIX/Windows audit scripts"
- Maybe in reply to: Merrick, Carl: "HP BL30's and VLAN's"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 04 Mar 2005 12:10:36 -0500 To: Michael Sierchio <kudzu@tenebras.com>
You can arp spoof any switch that is misconfigured. You can gain a span
port on seperated switches as well, its just 2 spans versus one.
Having proper IDS and monitoring is the only way to detect and prevent
this stuff.
Michael Sierchio wrote:
> jkowall wrote:
>
>> VLANs are just as secure as different switches.
>
>
> I beg to differ. It is possible to gain a spanning port on a
> VLAN switch, either through the normal mechanism or by overloading
> the MAC db.
>
> Even under normal operation, you won't be getting the same
> degree of traffic separation.
>
> Regards,
>
> Michael Sierchio
- application/x-pkcs7-signature attachment: S/MIME Cryptographic Signature
- Previous message: David Cravshaw: "Re: UNIX/Windows audit scripts"
- Maybe in reply to: Merrick, Carl: "HP BL30's and VLAN's"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
