Great Circle Associates Firewalls
(April 1998)
 


Subject: Re: Hacked hosts in a DMZ on a switch
From: Josh Richards <jrichard @ livingston . com>
Date: Sat, 11 Apr 1998 19:17:29 -0700 (PDT)
To: firewalls @ GreatCircle . COM
In-reply-to: <Pine . LNX . 3 . 95 . 980411031144 . 7679G-100000 @ paradox . obfuscated . net>

On 11 Apr 1998, Michael Conlen wrote:

> If a host in a DMZ is hacked and the host is connected to a switch,
> wouldn't it be possible to forge ARP packets which supply the MAC address
> of 
> 
> FF:FF:FF:FF:FF:FF
> 
> and start the sniffer up?

Yes.  Just because you have a switched Ethernet in place, does not mean
you can't sniff packets destined for other hosts.  You need a router in
the middle to really separate the two distinct data paths.

--jr

----
Josh Richards - <jrichard @ livingston . com> - [Beta Engineer]
LUCENT Technologies - Remote Access Business Unit
(formerly Livingston Enterprises, Inc.)
http://www.livingston.com/
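The thread above describes an ARP reply that advertises the broadcast MAC as a host's hardware address. As an added example (not part of the original list message or of Livingston's software), the following Python monitor parses raw ARP frames and raises the kind of alerts a DMZ segment watcher would want: a sender hardware address with the group/broadcast bit set, an ARP sender MAC that disagrees with the Ethernet source MAC, and an IP address that changes its MAC binding. All MAC and IP values are constructed for the demo, and the frames are assembled in memory only; nothing touches a network interface.

```python
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional

ETHERTYPE_ARP = 0x0806
ARP_REPLY = 2
BROADCAST_MAC = bytes.fromhex("ffffffffffff")


@dataclass
class ArpFrame:
    eth_dst: bytes
    eth_src: bytes
    oper: int
    sha: bytes  # sender hardware address claimed inside the ARP body
    spa: bytes  # sender protocol (IPv4) address
    tha: bytes
    tpa: bytes


def parse_arp(frame: bytes) -> Optional[ArpFrame]:
    """Parse an Ethernet II frame carrying IPv4-over-Ethernet ARP; None otherwise."""
    if len(frame) < 42:  # 14-byte Ethernet header + 28-byte ARP body
        return None
    eth_dst, eth_src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return ArpFrame(eth_dst, eth_src, oper,
                    frame[22:28], frame[28:32], frame[32:38], frame[38:42])


def mac_str(mac: bytes) -> str:
    return ":".join(f"{b:02x}" for b in mac)


def ip_str(ip: bytes) -> str:
    return ".".join(str(b) for b in ip)


class ArpMonitor:
    """Tracks IP -> MAC bindings seen on one segment and flags inconsistent ARP."""

    def __init__(self) -> None:
        self.bindings: Dict[str, str] = {}

    def inspect(self, frame: bytes) -> List[str]:
        arp = parse_arp(frame)
        if arp is None:
            return []
        sha, spa = mac_str(arp.sha), ip_str(arp.spa)
        alerts: List[str] = []
        # A unicast host never legitimately advertises a group/broadcast MAC
        # (low bit of the first octet set) as its own hardware address.
        if arp.sha[0] & 0x01:
            alerts.append(f"{spa} advertised as group/broadcast MAC {sha}")
        # The MAC claimed inside ARP should match the frame's Ethernet source.
        if arp.sha != arp.eth_src:
            alerts.append(f"ARP sender {sha} differs from Ethernet source {mac_str(arp.eth_src)}")
        # An IP that suddenly maps to a different MAC is the classic spoof signature.
        known = self.bindings.get(spa)
        if known is None:
            self.bindings[spa] = sha
        elif known != sha:
            alerts.append(f"{spa} changed from {known} to {sha}")
        return alerts


def build_arp(eth_src: bytes, oper: int, sha: bytes, spa: str,
              tha: bytes, tpa: str, eth_dst: bytes = BROADCAST_MAC) -> bytes:
    """Assemble a raw ARP frame in memory (constructed test input only; nothing is sent)."""
    spa_b = bytes(int(o) for o in spa.split("."))
    tpa_b = bytes(int(o) for o in tpa.split("."))
    return (eth_dst + eth_src + struct.pack("!H", ETHERTYPE_ARP)
            + struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
            + sha + spa_b + tha + tpa_b)


def run_demo() -> List[List[str]]:
    """Replay two constructed frames: an honest reply, then one claiming the broadcast MAC."""
    server = bytes.fromhex("001122334455")    # constructed MAC of the legitimate DMZ host
    intruder = bytes.fromhex("00aabbccddee")  # constructed MAC of the compromised host
    honest = build_arp(server, ARP_REPLY, server, "10.0.0.5", BROADCAST_MAC, "10.0.0.1")
    forged = build_arp(intruder, ARP_REPLY, BROADCAST_MAC, "10.0.0.5", BROADCAST_MAC, "10.0.0.1")
    mon = ArpMonitor()
    return [mon.inspect(honest), mon.inspect(forged)]


if __name__ == "__main__":
    for alerts in run_demo():
        print(alerts or "no alerts")
```

The honest reply produces no alerts and seeds the binding table; the forged reply trips all three checks. In practice the monitor would be fed from a span port or a passive capture on the DMZ segment, and the binding table would be pre-loaded from a known inventory rather than learned from the first frame seen.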


