Firewalls: Re: Hacked hosts in a DMZ on a switch

Firewalls
(April 1998)

Indexed By Thread: [Previous] [Next]

Subject:	Re: Hacked hosts in a DMZ on a switch
From:	Josh Richards <jrichard @ livingston . com>
Date:	Sat, 11 Apr 1998 19:17:29 -0700 (PDT)
To:	firewalls @ GreatCircle . COM
In-reply-to:	<Pine . LNX . 3 . 95 . 980411031144 . 7679G-100000 @ paradox . obfuscated . net>

On 11 Apr 1998, Michael Conlen wrote:

> If a host in a DMZ is hacked and the host is connected to a switch,
> wouldnt it be possible to forge ARP packets which supply the MAC address
> of 
> 
> FF:FF:FF:FF:FF:FF
> 
> and start the sniffer up?

Yes.  Just because you have a switched Ethernet in place, does not mean
you can't sniff packets destined for other hosts.  You need a router in
the middle to really seperate the two distinct data paths.

--jr

----
Josh Richards - <jrichard @
 livingston .
 com> - [Beta Engineer]
LUCENT Technologies - Remote Access Business Unit
(formerly Livingston Enterprises, Inc.)
http://www.livingston.com/

Follow-Ups:

Re: Hacked hosts in a DMZ on a switch
From: Eric Vyncke <evyncke @ cisco . com>

References:

Hacked hosts in a DMZ on a switch
From: Michael Conlen <meconlen @ intnet . net>

Indexed By Date	Previous:	Re: DMZ config question From: Josh Richards <jrichard @ livingston . com>
Indexed By Date	Next:	Re: Livingston's IRX211 firewall router From: Josh Richards <jrichard @ livingston . com>
Indexed By Thread	Previous:	Hacked hosts in a DMZ on a switch From: Michael Conlen <meconlen @ intnet . net>
Indexed By Thread	Next:	Re: Hacked hosts in a DMZ on a switch From: Eric Vyncke <evyncke @ cisco . com>