[unisog] Vlan Broked

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Mon Mar 29 15:32:03 GMT 2004


On Sun, 28 Mar 2004 16:23:18 EST, Frank Sweetser said:

> The SANS reading room has a pretty good paper on one group's attempts to
> bypass vlan enforced segregation.
> 
> http://www.sans.org/rr/papers/index.php?id=1090

Good paper (as a side note, the SANS Reading Room papers are usually quite good).

I'll make the comment that you'll never actually see any of those attacks "in
the wild" unless you've already done all the stuff in the Cisco and NSA guides
I just posted about.  You may be locked out of your own site, but you won't see
those attacks. :)

It's a cliche but true:  Security is only as strong as its weakest link.  Those
sorts of attacks are only ever seen at security-paranoid sites, because most
sites have much bigger gaping holes (remember - all it takes is one Windows box
that has a weak password on the Administrator user).  It's really quite rare
when a severely hardened site attracts the attention of an attacker that's
both skilled and determined.

40 million .COMs, and just as many script kiddies.  Do the basic stuff that will
stop them, and after that your best security measure is probably making sure
that your networking jocks and senior secretaries are paid well enough.

Seriously.
