Because they can, sometimes, be made to fail open. Then, everything
is on one big LAN, and standard switch sniffing methods can reveal
all the network traffic.
-sq
On Tue, Feb 06, 2001 at 05:48:45PM +0100, Lindqvist, Johan wrote:
> Hi.
>
> > Actually, sniffing isn't that hard either. There are several ways to do
> > it such as making the switch you are a trunk port and you need all the
> > traffic. In other words, don't put a switch and VLANs in place and expect
> > that to be your security because they can be defeated.
>
> As for switching, I'm fully aware that it's not a security mechanism that
> cannot be defeated easily. However that VLANs have no security impact is
> news to me. Since VLANs are defined on a physical switch port basis, how could
> they be used to receive or send traffic on other VLANs?
>
> /Johan
>
> --
> Johan Lindqvist
> Security Specialist
>
>
> DRIFTBOLAGET AB, MÖLNDALSVÄGEN 81, 412 63 GÖTEBORG, SWEDEN
> PHONE: +46 8-23 92 00 FAX: +46 709-73 46 70
> DIRECT: +46 31-760 43 07 MOBILE: +46 709-73 87 07
> johan.lindqvist@driftbolaget.com http://www.driftbolaget.com
--
___________________________________________________________________________
Sam Quigley office: 917-320-6529|mobile: 917-826-9612|pager: 877-433-3452
<squigley_at_fiderus.com> <8774333452_at_skytel.com>
GPG Fingerprint: 0107 E044 A610 1686 94F4 A147 1C5E 33A3 C470 95E1
Fiderus Strategic Security & Privacy. 1-866-FIDERUS
Emergency Hotline: 1-877-595-8491
Received on Feb 06 2001