[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: CARP: hub or switch ?
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: CARP: hub or switch ?
- From: naddy_(_at_)_mips_(_dot_)_inka_(_dot_)_de (Christian Weisgerber)
- Date: Wed, 11 Aug 2004 13:00:06 +0000 (UTC)
- Newsgroups: list.openbsd.misc
Per Engelbrecht <per_(_at_)_xterm_(_dot_)_dk> wrote:
> You however should care - always go for a switch, preferably a managed
Which reminds me: Are there any papers out there looking at the
security implications of using managed switches, in particular if
you actually use their intelligent features?
Concerns that come to mind:
- Attacks against the switches themselves: Manufacturer-supplied
backdoor access, exploitation of firmware bugs for access or DoS.
- Leaking infrastructure information, e.g. GVRP enumerating the
- Insertion of malicious packets into inter-switch protocols such
- Breaking down the separation between VLANs, e.g. because of people
neglecting to enable ingress filtering.
Christian "naddy" Weisgerber naddy_(_at_)_mips_(_dot_)_inka_(_dot_)_de
Visit your host, monkey.org