[nsp] PIX 535 stateful failover
Arnold Nipper
arnold at nipper.de
Mon Jun 14 07:06:46 EDT 2004
On 14.06.2004 12:59 Daniel Roesen wrote:
> On Mon, Jun 14, 2004 at 11:41:59AM +0100, Ryan O'Connell wrote:
>
>>There's no reasonably likely scenario I can think of in which
>>having a trunk to the firewall would be any less secure than having two
>>non-trunked connections to the firewall from the same switch on
>>different VLANs.
>
>
> http://www.securityfocus.com/archive/1/26008
> http://www.securityfocus.com/archive/1/27062
>
> Just for ONE publicly known VLAN hopping problem.
Which only is a problem if not properly fixed.
> Other techniques involve e.g. flooding the switch which then becomes
> essentially a single broadcast domain hub.
>
Which would not happen if you have two non-trunked connections??
Arnold