Subject: Re: inetd.conf defaults
From: Wolfgang Rupprecht <>
Date: 05/28/2000 11:10:50
> That's easy - replace all your 10base-T hubs (and thinnet) with
> switches. Can't sniff what you can't see. 8-port 10/100 FDX switches
> are around $100 now.

I am told this will help, but not completely prevent sniffing.
Switches will still broadcast a packet to each port if their internal
arp cache doesn't contain an interface mapping of the destination MAC
address to destination interface.  A DOS attack against the switch's
arp table (by overflowing it etc) should get it to fall-back to
broadcast mode.

       Wolfgang Rupprecht
