Subject: Re: inetd.conf defaults
To: None <tech-net@netbsd.org>
From: Wolfgang Rupprecht <wolfgang@wsrcc.com>
List: tech-net
Date: 05/28/2000 11:10:50
> That's easy - replace all your 10base-T hubs (and thinnet) with
> switches. Can't sniff what you can't see. 8-port 10/100 FDX switches
> are around $100 now.

I am told this will help, but not completely prevent sniffing.
Switches will still broadcast a packet to each port if their internal
arp cache doesn't contain an interface mapping of the destination MAC
address to destination interface.  A DoS attack against the switch's
arp table (by overflowing it, etc.) should get it to fall back to
broadcast mode.

-wolfgang
-- 
       Wolfgang Rupprecht <wolfgang+gnus@dailyplanet.wsrcc.com>
		    http://www.wsrcc.com/wolfgang/
DGPS signals via the Internet  http://www.wsrcc.com/wolfgang/gps/dgps-ip.html
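
The behaviour described in the message above, as an added example that is not part of the original post: a toy Python model of a learning switch whose bounded address table floods frames for destinations it has no entry for, run once without and once with a per-port address limit (the control managed switches commonly call port security). The class, the table size, the oldest-first eviction policy and all addresses are assumptions made for illustration.

```python
from collections import OrderedDict

class LearningSwitch:
    """Toy model (constructed): a learning switch with a bounded address table."""

    def __init__(self, ports, table_size, max_macs_per_port=None):
        self.ports = list(ports)
        self.table_size = table_size
        self.max_macs_per_port = max_macs_per_port  # None = no per-port limit
        self.table = OrderedDict()  # source MAC -> port, oldest entry first
        self.violations = []        # (port, mac) refused by the per-port limit

    def _learn(self, port, src):
        if src in self.table:                  # known address: refresh it
            self.table[src] = port
            self.table.move_to_end(src)
            return True
        if self.max_macs_per_port is not None:
            on_port = sum(1 for p in self.table.values() if p == port)
            if on_port >= self.max_macs_per_port:
                self.violations.append((port, src))
                return False                   # limit reached: do not learn
        if len(self.table) >= self.table_size:
            self.table.popitem(last=False)     # assumption: evict the oldest entry
        self.table[src] = port
        return True

    def receive(self, port, src, dst):
        """Return the egress ports for one frame arriving on `port`."""
        if not self._learn(port, src):
            return []                          # frame dropped by the limit
        out = self.table.get(dst)
        if out is None:                        # unknown destination: flood
            return [p for p in self.ports if p != port]
        return [] if out == port else [out]

HOST_A, HOST_B = "aa:00:00:00:00:01", "aa:00:00:00:00:02"  # constructed addresses

def demo(max_macs_per_port=None):
    sw = LearningSwitch([1, 2, 3, 4], 4, max_macs_per_port)
    sw.receive(1, HOST_A, HOST_B)              # switch learns A on port 1
    sw.receive(2, HOST_B, HOST_A)              # switch learns B on port 2
    before = sw.receive(1, HOST_A, HOST_B)     # egress ports while B is known
    for i in range(8):                         # port 3 presents 8 new sources
        sw.receive(3, f"02:00:00:00:00:{i:02x}", "ff:ff:ff:ff:ff:ff")
    after = sw.receive(1, HOST_A, HOST_B)      # egress ports afterwards
    return before, after, len(sw.violations)
```

`demo()` returns the egress ports for an A-to-B frame before and after port 3 fills the table, plus the number of refused addresses; the logged violations are the signal a defender would alert on.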