Re: MBone

To: "Gary E. Miller" <gem at rellim.com>
Subject: Re: MBone
From: Joe Touch <touch at ISI.EDU>
Date: Mon, 23 Sep 2002 15:01:01 -0700
Cc: ietf at ietf.org
References: <Pine.LNX.4.44.0209231451030.16485-100000@catbert.rellim.com>
Sender: owner-ietf at ietf.org
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.1) Gecko/20020826

Gary E. Miller wrote:

Yo Joe!

On Mon, 23 Sep 2002, Joe Touch wrote:

root has no problem seeing adjacent UDP even on a switch.  Just
overflow the arp cache or poison it.


That all presumes the switch doesn't detect this as an attack and
shutdown that link, which is an entirely reasonable reaction.


resonable yes, practical, no.

The only way I know to prevent this is to hard code the MACs on the
switch.  This is time consuming to install and to maintain.


It's sufficient to have the switch detect high rates of change, or large
numbers of MAC addresses as an attack. That's practical enough.

Barring that, please name ONE switch, or cite ONE credible reference
source, where arpspoofing is prevented at the switch by any means short
of harcoding the MACs.


Practical != economical. Further, there are MACs which are hardcoded
(i.e. to prevent overwrite of MAC addresses).

What I said was that it was EASY to get at multicast, not that it wasn't
impossible to get at unicast.

Joe

Follow-Ups:
- Re: MBone
  - From: Joe Touch

References:
- Re: MBone
  - From: Gary E. Miller

Prev by Date: Re: MBone
Next by Date: Re: MBone
Previous by thread: Re: MBone
Next by thread: Re: MBone
Index(es):
- Date
- Thread

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.

Re: MBone

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.