Because they can, sometimes, be made to fail open. Then, everything
is on one big LAN, and standard switch sniffing methods can reveal
all the network traffic.

-sq

On Tue, Feb 06, 2001 at 05:48:45PM +0100, Lindqvist, Johan wrote:
> Hi.
>
> > Actually, sniffing isnt' that heard either. There are
> > several ways to do
> > it such as making the switch you are a trunk port and you need all the
> > traffic. In order words, don't put a switch and VLANs in
> > place and expect
> > that to be your security because they can be defeated.
>
> As for switching, I'm fully aware that it's not a security mechanism that
> cannot be defeated easily. However that VLANs have no security impact is
> news to me. Since VLANS are defined on physical switch port basis, how could
> they be used to receive or send traffic on other VLANs?
>
> /Johan
>
> --
> Johan Lindqvist
> Security Specialist
>
>
> DRIFTBOLAGET AB, MÖLNDALSVÄGEN 81, 412 63 GÖTEBORG, SWEDEN
> PHONE: +46 8-23 92 00 FAX: +46 709-73 46 70
> DIRECT: +46 31-760 43 07 MOBILE: +46 709-73 87 07
> johan.lindqvistdriftbolaget.com http://www.driftbolaget.com

-- 
___________________________________________________________________________
Sam Quigley   office: 917-320-6529|mobile: 917-826-9612|pager: 877-433-3452
<squigleyfiderus.com>                              <8774333452skytel.com>
GPG Fingerprint:         0107 E044 A610 1686 94F4  A147 1C5E 33A3 C470 95E1  
Fiderus Strategic Security & Privacy.                         1-866-FIDERUS
Emergency Hotline:                                           1-877-595-8491

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org

iD8DBQE6gKUoHF4zo8RwleERAjRqAJ9BZ+3pvgxztUJ7iQhtUI2Er+kDwACfZKK2 r6s5Qlw3pzpQ7glyGJElQ8o= =CDrk -----END PGP SIGNATURE-----

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]