From: Eduardo_Campos@CREDOMATIC.COM
Date: Tue Feb 06 2001 - 14:57:01 CST
Right, since VLANs are defined on hardware, how can you convince the switch
to give you a trunk port?
That would be the only way to receive and send traffic to other VLANs.
VLANs were not designed with security in mind. Broadcast domain division is in
fact the best advantage you achieve with VLANs. However, making VLANs
and creating access-lists on the router which enable communications between
them (if you permit it) can give you a very good way to have stricter
security.
"Lindqvist, Johan" <johan.lindqvist@DRIFTBOLAGET.COM>
Sent by: Penetration Testers <PEN-TEST@SECURITYFOCUS.COM>
06-02-01 10:48 AM
Please respond to Penetration Testers

To: PEN-TEST@SECURITYFOCUS.COM
cc:
Subject: Re: [PEN-TEST] Spoofing switched networks
Hi.
> Actually, sniffing isn't that hard either. There are
> several ways to do
> it such as making the switch think you are a trunk port and you need all the
> traffic. In other words, don't put a switch and VLANs in
> place and expect
> that to be your security because they can be defeated.
As for switching, I'm fully aware that it's not a security mechanism that
cannot be defeated easily. However, that VLANs have no security impact is
news to me. Since VLANs are defined on a physical switch port basis, how could
they be used to receive or send traffic on other VLANs?
/Johan
--
Johan Lindqvist
Security Specialist
DRIFTBOLAGET AB, MÖLNDALSVÄGEN 81, 412 63 GÖTEBORG, SWEDEN
PHONE: +46 8-23 92 00   FAX: +46 709-73 46 70
DIRECT: +46 31-760 43 07   MOBILE: +46 709-73 87 07
johan.lindqvist@driftbolaget.com   http://www.driftbolaget.com
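Added example (not posted by either participant): what "receive and send traffic to other VLANs" looks like once a switch treats your port as an 802.1Q trunk. On a trunk the VLAN a frame belongs to is a 12-bit field the sender writes into the frame, and a sniffer on that port sees tagged frames from every VLAN the trunk carries; on an access port the switch strips the tag and only one VLAN is visible. How the trunk itself gets negotiated is not shown. All MAC addresses, VLAN numbers and payloads are constructed test data, and send_raw is a Linux-only helper that the demo never calls.

```python
# Added example, not code from the original thread.  Builds and decodes
# 802.1Q-tagged Ethernet frames: dst | src | 0x8100 | TCI | ethertype | payload,
# where TCI = 3-bit priority, 1-bit DEI (left 0), 12-bit VLAN ID.
# MACs, VLAN numbers and payloads below are constructed test data.
import struct
from typing import Iterable, List

ETHERTYPE_8021Q = 0x8100   # Tag Protocol Identifier marking a tagged frame
ETHERTYPE_IPV4 = 0x0800


def mac_bytes(mac: str) -> bytes:
    """'00:11:22:33:44:55' -> 6 raw bytes."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("MAC address must be 6 bytes: %r" % mac)
    return raw


def build_tagged_frame(dst_mac: str, src_mac: str, vlan_id: int,
                       ethertype: int, payload: bytes, priority: int = 0) -> bytes:
    """Frame with an 802.1Q tag; the tag decides which VLAN a trunk delivers it to."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1..4094 (0 and 4095 are reserved)")
    if not 0 <= priority <= 7:
        raise ValueError("priority is a 3-bit field")
    tci = (priority << 13) | vlan_id
    return (mac_bytes(dst_mac) + mac_bytes(src_mac)
            + struct.pack("!HHH", ETHERTYPE_8021Q, tci, ethertype) + payload)


def build_untagged_frame(dst_mac: str, src_mac: str, ethertype: int, payload: bytes) -> bytes:
    """Plain frame, as a host on an access port sends it (the switch tags/untags for it)."""
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ethertype) + payload


def parse_frame(frame: bytes) -> dict:
    """Decode a frame; 'vlan' is None when there is no 802.1Q tag."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src = frame[:6], frame[6:12]
    (etype,) = struct.unpack("!H", frame[12:14])
    if etype != ETHERTYPE_8021Q:
        return {"dst": dst, "src": src, "vlan": None, "priority": None,
                "ethertype": etype, "payload": frame[14:]}
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack("!HH", frame[14:18])
    return {"dst": dst, "src": src, "vlan": tci & 0x0FFF, "priority": tci >> 13,
            "ethertype": inner, "payload": frame[18:]}


def vlans_seen(frames: Iterable[bytes], native_vlan: int = 1) -> List[int]:
    """VLANs a sniffer on a trunk port can observe.  Untagged frames on a trunk
    belong to the native VLAN, so they are counted under native_vlan."""
    seen = set()
    for f in frames:
        vid = parse_frame(f)["vlan"]
        seen.add(native_vlan if vid is None else vid)
    return sorted(seen)


def send_raw(iface: str, frame: bytes) -> int:
    """Put a frame on the wire as-is (Linux AF_PACKET, needs CAP_NET_RAW).
    On a trunk port the tag selects the VLAN; on an access port the switch
    does not honour it.  Not called by the demo below."""
    import socket
    with socket.socket(socket.AF_PACKET, socket.SOCK_RAW) as s:
        s.bind((iface, 0))
        return s.send(frame)


if __name__ == "__main__":
    attacker = "00:11:22:33:44:55"            # constructed
    bcast = "ff:ff:ff:ff:ff:ff"
    ip_stub = b"\x45" + b"\x00" * 19          # 20 bytes standing in for an IPv4 header
    # What a trunk port carries: frames from several VLANs plus native-VLAN traffic.
    wire = [build_tagged_frame(bcast, attacker, v, ETHERTYPE_IPV4, ip_stub) for v in (10, 20, 30)]
    wire.append(build_untagged_frame(bcast, attacker, ETHERTYPE_IPV4, ip_stub))
    print("VLANs visible on trunk:", vlans_seen(wire, native_vlan=1))
    # The same host on an access port only ever sees untagged frames of its own VLAN.
    print("VLAN field on access port:", parse_frame(wire[3])["vlan"])
```

The point for the defender follows directly from the code: the only thing keeping a host from writing its own VLAN ID is the switch refusing to treat its port as a trunk, which is why Eduardo's router access-lists between VLANs are worth having even when the switch is configured correctly.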