[nsp-sec] How to hijack traffic for an entire Content/Ad Company - ARP Poisoning revisited - 8800.org / 6600.org badness
Kevin Oberman
oberman at es.net
Thu Mar 27 12:15:02 EDT 2008
> From: Florian Weimer <fweimer at bfk.de>
> Date: Thu, 27 Mar 2008 16:37:20 +0100
> Sender: nsp-security-bounces at puck.nether.net
>
> ----------- nsp-security Confidential --------
>
> * Chris Morrow:
>
> > so.. port-security is a solved problem for datacenters no??
>
> Port security does not stop ARP cache poisoning. You also need static
> ARP tables on all nodes within the same broadcast domain. It's
> usually easier to give a dedicated IP layer interface to each host.
> In many environments, it's a challenge to implement that.
>
> I still don't get why IEEE insists on emulating shared media networks.
> Probably, We'll still end up running ARP on 100GE networks. *sigh*
Yep, and still have 1522 byte frames. It MAY be worth remembering that
10GE is the first Ethernet type which could not be shared media. I
remember GE hubs (repeaters, not switches) in the early days of GE.
Remember, the 802.3 working group is for Carrier Sense, Multiple Access
with Collision Detection (CSMA/CD). Only 10GE does not use carrier
sensing, is not multiple access and does not detect collisions (which
can't happen). The working group (or, at least some of its members)
seems to have a hard time accepting this.
--
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman at es.net
Phone: +1 510 486-8634
Key fingerprint: 059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751
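The quoted point that port security does not stop ARP cache poisoning, shown as an added example (this is not code from the thread or from either poster). A switch port-security limit counts distinct source MACs per port; a poisoner that sends every forged reply from its own single MAC never exceeds it. The monitor below applies three checks that do catch it: a pinned (static) IP-to-MAC entry, a learned binding that flips, and one MAC claiming a second IP. Every address, port name and reply record is constructed sample data, and the class and function names are this example's own.

```python
"""Detect ARP cache poisoning from observed ARP replies.

Added example, not code from the original thread. It illustrates the point
made in the quoted text: a per-port MAC limit (switch "port security") is
satisfied by a poisoner that sends every forged reply from its own single
MAC, so the poisoning has to be caught at the IP-to-MAC binding layer, by
static (pinned) entries or by watching bindings change. Every address, port
name and reply record here is constructed sample data.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class ArpReply:
    ts: int      # observation time, seconds (constructed)
    ip: str      # sender protocol address: the IP being claimed
    mac: str     # sender hardware address: the MAC claiming it
    port: str    # switch port the frame arrived on


@dataclass
class ArpMonitor:
    # IP -> MAC pinned by an administrator (the "static ARP table" defense)
    static: dict = field(default_factory=dict)
    # Per-port limit on distinct source MACs: what port security enforces
    port_limit: int = 1
    bindings: dict = field(default_factory=dict)       # IP -> (MAC, port), learned
    macs_per_port: dict = field(default_factory=dict)  # port -> set of MACs

    def observe(self, r: ArpReply) -> list:
        """Return the alerts raised by one ARP reply (empty list if benign)."""
        alerts = []
        mac = r.mac.lower()

        # 1. Port-security view: count distinct MACs per port.
        seen = self.macs_per_port.setdefault(r.port, set())
        seen.add(mac)
        if len(seen) > self.port_limit:
            alerts.append(f"PORT_SECURITY {r.port}: {len(seen)} MACs > {self.port_limit}")

        # 2. Static binding: a pinned IP may only be claimed by its pinned MAC.
        pinned = self.static.get(r.ip)
        if pinned is not None and pinned.lower() != mac:
            alerts.append(f"STATIC_MISMATCH {r.ip}: {mac} on {r.port}, pinned {pinned.lower()}")

        # 3. Learned binding flip: the classic poisoning signature.
        prev = self.bindings.get(r.ip)
        if prev is not None and prev[0] != mac:
            alerts.append(f"FLIP {r.ip}: {prev[0]}/{prev[1]} -> {mac}/{r.port}")

        # 4. One MAC claiming a second IP (attacker spoofing gateway and victim).
        already = {ip for ip, (m, _) in self.bindings.items() if m == mac}
        self.bindings[r.ip] = (mac, r.port)
        if already and r.ip not in already:
            alerts.append(f"MULTI_IP {mac}: now claims {sorted(already | {r.ip})}")
        return alerts


# Constructed sample: a gateway, one victim and a poisoner on three access ports.
GATEWAY_MAC = "aa:aa:aa:aa:aa:01"
VICTIM_MAC = "aa:aa:aa:aa:aa:20"
POISONER_MAC = "bb:bb:bb:bb:bb:99"

SAMPLE_REPLIES = [
    ArpReply(1, "10.0.0.1", GATEWAY_MAC, "Gi1/1"),     # legitimate gateway reply
    ArpReply(2, "10.0.0.20", VICTIM_MAC, "Gi1/20"),    # legitimate victim reply
    ArpReply(3, "10.0.0.1", POISONER_MAC, "Gi1/30"),   # forged: poisoner claims gateway
    ArpReply(4, "10.0.0.20", POISONER_MAC, "Gi1/30"),  # forged: poisoner claims victim
]


def run_sample(pin_gateway: bool = True) -> dict:
    """Feed the sample replies through a monitor; return {ts: [alerts]}."""
    static = {"10.0.0.1": GATEWAY_MAC} if pin_gateway else {}
    mon = ArpMonitor(static=static, port_limit=1)
    return {r.ts: mon.observe(r) for r in SAMPLE_REPLIES}


def port_security_fired(results: dict) -> bool:
    """True if a per-port MAC limit alone would have noticed anything."""
    return any(a.startswith("PORT_SECURITY") for alerts in results.values() for a in alerts)


if __name__ == "__main__":
    for ts, alerts in run_sample().items():
        for a in alerts:
            print(f"t={ts}: {a}")
    print("port security fired:", port_security_fired(run_sample()))
```

With the sample data the port-security counter never fires: each port only ever sees one MAC, because the poisoner uses its own. The forged replies are caught instead by the pinned gateway entry at t=3 and by the binding flips and the one-MAC-two-IPs pattern at t=3 and t=4. Running with `pin_gateway=False` shows why the quoted text wants static entries on every node: without the pinned entry, the only remaining signal is the flip, which also fires when the real gateway answers again, so the monitor sees a flip-flop but cannot say on its own which MAC is legitimate.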