[nsp] PIX 535 stateful failover
Daniel Roesen
dr at cluenet.de
Mon Jun 14 06:59:22 EDT 2004
On Mon, Jun 14, 2004 at 11:41:59AM +0100, Ryan O'Connell wrote:
> There's no reasonably likely scenario I can think of in which
> having a trunk to the firewall would be any less secure than having two
> non-trunked connections to the firewall from the same switch on
> different VLANs.
http://www.securityfocus.com/archive/1/26008
http://www.securityfocus.com/archive/1/27062
Just for ONE publicly known VLAN hopping problem.
Other techniques involve e.g. flooding the switch which then becomes
essentially a single broadcast domain hub.
Regards,
Daniel