[unisog] Network security police no hubs/switches/routers?

Kang Liu liukang at bjut.edu.cn
Tue May 24 00:13:40 GMT 2005


> #1 is security, which is apropos given the mailing list here.  Those types
of
> devices enable others to more easily sniff traffic that is more secure in
a
> non-extended network.

Why? It would only make sniffing traffic that connected to their own devices
easier, if in a pure switched campus network.

> I'm sure we've all seen rogue DHCP servers perform
> rather effective DOS actions by handing out bad IP addresses.

That is true; boring rogue DHCP servers...but DHCP snooping will avoid this
problem.

I do not agree on non-extended policy, I do not think it could enhance the
security of network, but it may affect the easy of use greatly.

Kang





More information about the unisog mailing list