|
|||||||||
|
|||||||||
| |||||||||
|
|||||||||
|
|||||||||
| |||||||||
|
|
|
| |||||||||
 |
|
|
«
Previous Thread
|
Next Thread
»
|
Thread Tools | Search this Thread | Display Modes |
Web Development Archives Sponsor:
|
|
|
|
#1
July 16th, 2007, 10:19 AM
|
|||
|
|||
|
packet labeling & routing decision based on these labels
Monday 16 July 2007 17:30:38 Philipp Snizek wrote:
Yes. That would help it and also stop man in the middle at least between the switch and the Hosts n. have you got experience what performance impact 802.1x has on 1GBit/s ethernet? As I said before, you can do with simply allowing no more than one MAC address to appear on a single switch port. You could also set the allowed mack addresses manually. This eliminates the need of authentication (802.1x or not). So no overhead. -- Blade hails you night I dreamt a white rose withering a newborn drowning a lifetime loneliness I dreamt all my future. Relived my past And witnessed the beauty of the beast PGP SIGNATURE Version: GnuPG v1.4.2 (GNU/Linux) zaeKd0frInj47o7oYG8IIj0= =tlTU PGP SIGNATURE
|
|
#2
July 17th, 2007, 06:19 AM
|
|||
|
|||
|
packet labeling & routing decision based on these labels
Monday 16 July 2007 19:28:17 Philipp Snizek wrote:
Monday 16 July 2007 17:30:38 Philipp Snizek wrote: >Yes. That would help it and also stop man in the middle at least between >the switch and the Hosts n. >have you got experience what performance impact 802.1x has on 1GBit/s >ethernet? > As I said before, you can do with simply allowing no more than one MAC address to appear on a single switch port. You could also set the allowed mack addresses manually. This eliminates the need of authentication (802.1x or not). So no overhead. > Networks cannot be secured by adding static MAC addresses to a switch (e.g. Cisco 29xx, port security feature). You start the legal client, write down its ip and mac, start your illegal notebook were you are root, spoof the mac and the ip, unplug the network cable from the client, plug it into the notebook. The switch will think you just unplugged and plugged the very same client. > Please teach me otherwise should I be wrong. > Philipp That is correct, but here you have no man-in-the-middle. The trick works just fine when you have the laptop connected to a different end-point, trying to sniff other people's traffic. You are talking about a network that is not phisically secure. Then you do need proper authentication. -- Blade hails you Teach me passion for I fear it's gone Show me love, hold the lorn So much more I wanted to give to the ones who love me I'm sorry Time will tell (this bitter farewell) I live no more to shame nor me nor you And you I wish I didn't feel for you anymore PGP SIGNATURE Version: GnuPG v1.4.2 (GNU/Linux) RnwS2uCKJ18r0SK+RFJ8AUk= =e19P PGP SIGNATURE
|
|
| Viewing: Web Development Archives > Mailing Lists > Linux Security > packet labeling & routing decision based on these labels |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|
 |
|
|
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
Linear Mode
