Re: CARP: hub or switch ?

Per Engelbrecht <per_(_at_)_xterm_(_dot_)_dk> wrote:

> You however should care - always go for a switch, preferably a managed
> one.

Which reminds me:  Are there any papers out there looking at the
security implications of using managed switches, in particular if
you actually use their intelligent features?

Concerns that come to mind:
- Attacks against the switches themselves:  Manufacturer-supplied
  backdoor access, exploitation of firmware bugs for access or DoS.
- Leaking infrastructure information, e.g. GVRP enumerating the
  existing VLANs.
- Insertion of malicious packets into inter-switch protocols such
  as STP.
- Breaking down the separation between VLANs, e.g. because of people
  neglecting to enable ingress filtering.

Christian "naddy" Weisgerber                          naddy_(_at_)_mips_(_dot_)_inka_(_dot_)_de