Re: HP BL30's and VLAN's

From: jkowall (jkowall_at_shocking.net)
Date: 03/04/05

    Date: Fri, 04 Mar 2005 12:10:36 -0500
    To: Michael Sierchio <kudzu@tenebras.com>
    
    
    

    You can ARP spoof any switch that is misconfigured. You can gain a span
    port on separated switches as well, it's just 2 spans versus one.

    Having proper IDS and monitoring is the only way to detect and prevent
    this stuff.

    Michael Sierchio wrote:

    > jkowall wrote:
    >
    >> VLANs are just as secure as different switches.
    >
    >
    > I beg to differ. It is possible to gain a spanning port on a
    > VLAN switch, either through the normal mechanism or by overloading
    > the MAC db.
    >
    > Even under normal operation, you won't be getting the same
    > degree of traffic separation.
    >
    > Regards,
    >
    > Michael Sierchio

    
    


