I have set up secure LANs using both Synoptics/Bay Networks and 3Com
hubs. Setting this up is not difficult; administering it long-term in a
large environment is.
You need a well-documented cable plant, end stations documented by user,
location, cable drop, MAC address and IP address, and, of course, your
hubs documented by location, cable drop-to-port and MAC address-to-port.
You need a system that allows your records to be maintained accurately by
Your users and help desk will need to know that only a specific system is
permitted on a specific port, and your maintenance technicians will need
to know that swapping out a NIC, PC, etc. will require that the MAC
address assigned to a given port will also need to be changed. When you
think of "standard" swap-out troubleshooting procedures, you can see why
this is a problem.

On Sat, 31 Jan 1998, Henry Hertz Hobbit wrote:
> On Fri, 30 Jan 1998, Doug Hughes wrote:
> > I don't think the effort would be worth it. Most sniffers are totally
> > passive devices, and by their nature, the only way to detect them
> > is physical inspection of your cable plant.
> > One thing that may be helpful in preventing hardware sniffer attachment
> > is via security enabled hubs where the MAC address of all ports is
> > hard-wired into the hub. Unused ports would be administratively disabled.
> > This will prevent somebody from unplugging a machine and plugging in a
> > sniffer. It will also prevent somebody from using an unoccupied port
> > on the off chance that they would get access to the hub itself (which
> > should be in a locked closet).
> Aside from the fact that not all hubs support this, does anybody
> really have the time to do it with all the other stuff that they
> have to get done? If you or anybody else reading this can point us
> to any sites that are doing this successfully and what hubs would
> be the best to use, I think that we would all benefit. I guess it
> kind of depends on the volatility of the network you are on which
> at most places I have been is quite high.
> The Hobbit
> This message can't possibly have come from me! smrsh is not running
> so it *must* have come from somebody else going into the smtp port!!!
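
Added example, not part of the original message or of any hub vendor's tooling: a small audit that reconciles the three sets of records described above (end stations, hub port-to-drop documentation, and what the hub currently reports) and lists the ports where they disagree. The record layout, field names, hub names and MAC addresses are constructed assumptions.

```python
import re

# Constructed sample records; the layout is an assumption, not a vendor format.
STATIONS = [  # end stations documented by user, location, cable drop, MAC, IP
    {"user": "alice", "location": "Rm 210", "drop": "2F-017",
     "mac": "02:00:00:00:10:01", "ip": "10.1.2.17"},
    {"user": "bob", "location": "Rm 212", "drop": "2F-018",
     "mac": "02-00-00-00-10-02", "ip": "10.1.2.18"},
]
HUB_PORTS = {  # hub documentation: (hub, port) -> cable drop, None = unused port
    ("hub-2f-a", 1): "2F-017", ("hub-2f-a", 2): "2F-018",
    ("hub-2f-a", 3): "2F-019", ("hub-2f-a", 4): None,
}
OBSERVED = [  # state read from the hub: (hub, port, enabled, last source MAC)
    ("hub-2f-a", 1, True, "0200.0000.1001"),     # same MAC, different notation
    ("hub-2f-a", 2, True, "02:00:00:00:99:99"),  # NIC swapped, records stale
    ("hub-2f-a", 3, True, None),                 # drop has no station record
    ("hub-2f-a", 4, True, None),                 # unused port left enabled
    ("hub-2f-a", 5, False, None),                # port never documented
]

def norm_mac(mac):
    """Canonical form: 12 lowercase hex digits, or None if malformed."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac or "")
    return digits.lower() if len(digits) == 12 else None

def audit(stations, hub_ports, observed):
    """Return sorted (hub, port, finding) tuples where records and hub disagree."""
    by_drop = {s["drop"]: s for s in stations}
    findings = []
    for hub, port, enabled, seen in observed:
        if (hub, port) not in hub_ports:
            findings.append((hub, port, "port missing from hub records"))
            continue
        drop = hub_ports[(hub, port)]
        if drop is None:
            if enabled:
                findings.append((hub, port, "unused port is not disabled"))
            continue
        station = by_drop.get(drop)
        if station is None:
            findings.append((hub, port, f"no station record for drop {drop}"))
        elif seen and norm_mac(seen) != norm_mac(station["mac"]):
            findings.append((hub, port, f"MAC differs from record for {station['user']}"))
    return sorted(findings)

if __name__ == "__main__":
    for hub, port, finding in audit(STATIONS, HUB_PORTS, OBSERVED):
        print(f"{hub} port {port}: {finding}")
```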