[Dshield] Multi- Honed Servers

Tim Tuck tim.tuck at penrith.net
Thu May 30 20:04:55 GMT 2002


John Groseclose wrote:
> 
> * Samantha Fetter <sama at enteract.com> [020530 07:12]:
> > Just to throw another 2cents in here, where I work we also don't allow
> > crossing a firewall boundary on switches, i.e. having the two
> > separate VLANs from either side of the firewalls on the same switch.
> 
> This, I think, is an excellent practice, given that a catastrophic failure might result in the switch being replaced with one that doesn't have the configuration correct.
> 

It should be common practice since some switches are highly vulnerable
to ARP flooding, i.e. if you overrun the ARP cache of some switches they
stop being a switch, thus directing traffic to all ports, and thus become
a hub. blech...

cheers

Tim



