Re: CARP: hub or switch ?
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: CARP: hub or switch ?
- From: naddy_(_at_)_mips_(_dot_)_inka_(_dot_)_de (Christian Weisgerber)
- Date: Wed, 11 Aug 2004 13:00:06 +0000 (UTC)
- Newsgroups: list.openbsd.misc
Per Engelbrecht <per_(_at_)_xterm_(_dot_)_dk> wrote:
> You however should care - always go for a switch, preferably a managed
> one.
Which reminds me: Are there any papers out there looking at the
security implications of using managed switches, in particular if
you actually use their intelligent features?
Concerns that come to mind:
- Attacks against the switches themselves: Manufacturer-supplied
backdoor access, exploitation of firmware bugs for access or DoS.
- Leaking infrastructure information, e.g. GVRP enumerating the
existing VLANs.
- Insertion of malicious packets into inter-switch protocols such
as STP.
- Breaking down the separation between VLANs, e.g. because of people
neglecting to enable ingress filtering.
--
Christian "naddy" Weisgerber naddy_(_at_)_mips_(_dot_)_inka_(_dot_)_de
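The last concern in the list above (VLAN separation depending on ingress filtering) can be made concrete with a small model of 802.1Q ingress classification. This is an added example, not code from the original post; the frame bytes, the port settings and the function names (`parse_frame`, `classify_ingress`, `build_frame`) are constructed for illustration.

```python
"""Model of 802.1Q ingress classification on one switch port.

Added example (not from the original post). Frames and port settings
below are constructed; the rules follow IEEE 802.1Q: untagged and
priority-tagged (VID 0) frames take the port's PVID, tagged frames keep
their VID, and 'ingress filtering' discards a tagged frame whose VID
is not in the receiving port's member set.
"""
import struct

TPID_8021Q = 0x8100  # EtherType that announces an 802.1Q tag


def parse_frame(frame: bytes):
    """Return (dst, src, vid, payload); vid is None for an untagged frame."""
    if len(frame) < 14:
        raise ValueError("runt frame")
    dst, src = frame[:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci = struct.unpack("!H", frame[14:16])[0]
        vid = tci & 0x0FFF  # low 12 bits; PCP and DEI sit in the top 4
        return dst, src, vid, frame[18:]
    return dst, src, None, frame[14:]


def classify_ingress(frame: bytes, pvid: int, member_vlans: set,
                     ingress_filtering: bool):
    """VLAN the frame is forwarded in, or None if the port discards it."""
    _dst, _src, vid, _payload = parse_frame(frame)
    if vid is None or vid == 0:       # untagged / priority-tagged -> PVID
        return pvid
    if vid == 0xFFF:                  # reserved VID, never forwarded
        return None
    if ingress_filtering and vid not in member_vlans:
        return None                   # tag for a VLAN this port is not in
    return vid                        # filtering off: tag is trusted as-is


def build_frame(vid=None) -> bytes:
    """Constructed broadcast frame, optionally carrying an 802.1Q tag."""
    dst, src = bytes.fromhex("ffffffffffff"), bytes.fromhex("0200deadbeef")
    payload = b"\x08\x00" + b"\x00" * 46  # IPv4 EtherType plus padding
    if vid is None:
        return dst + src + payload
    return dst + src + struct.pack("!HH", TPID_8021Q, vid & 0x0FFF) + payload


if __name__ == "__main__":
    # Access port in VLAN 10; a host sends a frame tagged with VLAN 20.
    for filtering in (True, False):
        print("ingress filtering", filtering, "->",
              classify_ingress(build_frame(20), 10, {10}, filtering))
```

With filtering enabled the stray tag is dropped; with it disabled the same frame is classified into VLAN 20, which is the separation failure the post describes.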