[Dshield] Internal LAN protection
Stephen L Fowler
slfowler at visto.com
Sun Nov 25 01:27:23 GMT 2001
Even better, got an old 486 or pentium in the corner and you don't know what to do with it? Pop in a couple of ethernet cards and go to http://www.smoothwall.org/gpl Far better product and for price far cheaper.
Date: Fri, 23 Nov 2001 22:50:59 -0500 (EST)
From: "Johannes B. Ullrich" <jullrich at euclidian.com>
To: <dshield at dshield.org>
Subject: RE: [Dshield] Internal LAN protection
Reply-To: dshield at dshield.org
-----BEGIN PGP SIGNED MESSAGE-----
> There are commercial all-in-one boxes that will do the trick too, and
> they are a lot cheaper than PC. I myself use a 4 port box from
I don't know about the ZyXEL devices. But please do not mix up a $100
linksys router / switch with a serious firewall.
Most (not just cheap) switches are vulnerable to ARP spoofing. Whoever
claims that such a switch is more secure than a hub hasn't spent enough
time playing with toys like hunt or ettercap.
Also, switches do not limit communications between the ports. You need a
switch that looks at least at the IP layer to do much good.
Find out how companies are linking mobile users to the
enterprise with Visto.
More information about the list