[Dshield] Internal LAN protection

Johannes B. Ullrich jullrich at euclidian.com
Sat Nov 24 03:50:59 GMT 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



> There are commercial all-in-one boxes that will do the trick too, and
> they are a lot cheaper than PC.  I myself use a 4 port box from
> ZyXEL.

I don't know about the ZyXEL devices. But please do not mix up a $100 
Linksys router / switch with a serious firewall.

Most (not just cheap) switches are vulnerable to ARP spoofing. Whoever 
claims that such a switch is more secure than a hub hasn't spent enough 
time playing with toys like hunt or ettercap.

Also, switches do not limit communications between the ports. You need a 
switch that looks at least at the IP layer to do much good.



- -- 
- -------
jullrich at sans.org                    Join http://www.DShield.org
                          Distributed Intrusion Detection System

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7/xklVOIizK5pIDMRAsjdAKD4crvMbzPSBLMOGBMV2AwkqczvBwCg5Z6c
jDr3jlTRyV59LAxjX1f82M8=
=Zb0g
-----END PGP SIGNATURE-----
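
Added example (not part of the original message): the ARP spoofing point above, seen from the defender's side. A monitor that records which MAC address answers for each IP notices the rebinding that a plain layer-2 switch does not prevent. The observation format, the addresses and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: one observed ARP reply per line,
# "seconds sender_ip sender_mac". 192.168.1.1 stands in for the gateway.
SAMPLE = """\
0 192.168.1.1 00:11:22:33:44:01
2 192.168.1.20 00:11:22:33:44:14
5 192.168.1.30 00:11:22:33:44:1e
60 192.168.1.1 00:11:22:33:44:01
61 192.168.1.1 00:11:22:33:44:1e
61 192.168.1.20 00:11:22:33:44:1e
63 192.168.1.1 00:11:22:33:44:01
64 192.168.1.1 00:11:22:33:44:1e
"""

def parse(text):
    """Yield (timestamp, ip, mac) tuples from the constructed log format."""
    for line in text.splitlines():
        if line.strip():
            ts, ip, mac = line.split()
            yield int(ts), ip, mac.lower()

def detect(observations, flap_window=30):
    """Return (alerts, multi) for a stream of ARP reply observations.

    alerts: (ts, kind, ip, old_mac, new_mac) whenever an IP is claimed by a
            different MAC than last seen. "flip-flop" means the change came
            within flap_window seconds of the previous reply, which is what
            a real host and a spoofer answering in turn look like.
    multi:  MACs that answered for more than one IP. Routers doing proxy ARP
            do this legitimately, so treat it as a lead, not a verdict.
    """
    last = {}                      # ip -> (mac, ts) of the latest reply
    ips_by_mac = defaultdict(set)  # mac -> every IP it has claimed
    alerts = []
    for ts, ip, mac in observations:
        ips_by_mac[mac].add(ip)
        if ip in last and last[ip][0] != mac:
            old_mac, old_ts = last[ip]
            kind = "flip-flop" if ts - old_ts <= flap_window else "changed"
            alerts.append((ts, kind, ip, old_mac, mac))
        last[ip] = (mac, ts)
    multi = {m: sorted(i) for m, i in ips_by_mac.items() if len(i) > 1}
    return alerts, multi

if __name__ == "__main__":
    alerts, multi = detect(parse(SAMPLE))
    for a in alerts:
        print(*a)
    print(multi)
```

A single "changed" alert is often benign (DHCP reassignment, a replaced NIC); repeated flip-flops on the gateway address from a MAC that also claims other hosts is the pattern worth investigating.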



