[prev in list] [next in list] [prev in thread] [next in thread] 

List:       suse-security
Subject:    Re: [opensuse-security] packet labeling & routing decision based
From:       "Philipp Snizek" <mailinglists () belfin ! ch>
Date:       2007-07-16 16:28:17
Message-ID: 38317.172.17.0.1.1184603297.squirrel () webmail ! seaan ! net
[Download RAW message or body]

> On Monday 16 July 2007 17:30:38 Philipp Snizek wrote:
>> Yes. That would help it and also stop man in the middle at least between
>> the switch and the Hosts n.
>> have you got experience what performance impact 802.1x has on 1GBit/s
>> ethernet?
>
> As I said before, you can do with simply allowing no more than one MAC
> address
> to appear on a single switch port. You could also set the allowed mack
> addresses manually. This eliminates the need of authentication (802.1x or
> not). So no overhead.

Networks cannot be secured by adding static MAC addresses to a switch
(e.g. Cisco 29xx, port security feature).
You start the legal client, write down its ip and mac, start your illegal
notebook were you are root, spoof the mac and the ip, unplug the network
cable from the client, plug it into the notebook. The switch will think
you just unplugged and plugged the very same client.

Please teach me otherwise should I be wrong.

Philipp


---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security+help@opensuse.org

[prev in list] [next in list] [prev in thread] [next in thread]