On Tue, 31 Jul 2001, Dan Hollis wrote:
Hmmm, how about I lockdown all MAC addresses on switch ports and configure port IP filters and set the switch so filter violations automatically disable your port?
Dan, really, how many people do you know that actually enforce any of the above techniques? Talking about security is fun, and can get tiresome, but a network administrator or system administrator, or even an organization, makes a decision how far they wish to go with it, and how willing they are to hinder the normal course of working. Just as an example, let's assume you use a FastEthernet interface, with MAC address X. Tomorrow you find out that you're using some 80% of it, and you define a portchannel, with two FEs. The ARP address will change. Now, if you are running through a few networks, or even if you are managing a few 10s of routers, doing what you are suggesting creates immense overheads of management. The idea is to work as secure as possible, without hindering work, and without creating more work, and spending a lot more time (thus money) on these things. Think about it for a minute.
--Ariel
Then when you try this arp spoofing nonsense, your link goes down and I'll get paged so I can permanently correct your workstation with a sledgehammer.
-Dan
-- [-] All your bases are mine. [-]
-- Ariel Biener e-mail: ariel@post.tau.ac.il PGP(6.5.8) public key http://www.tau.ac.il/~ariel/pgp.html
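For reference, the port lockdown Dan describes (one permitted MAC per switch port, a per-port IP filter, and automatic shutdown on a violation) as it would look on a Cisco Catalyst access port. This is an added configuration example, not something posted in the thread; the interface name, VLAN number and host address 192.0.2.10 are assumed.

```cisco
! Access port locked to the first MAC it learns; a second MAC puts the
! port into err-disabled state and stays there until someone clears it.
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 switchport port-security violation shutdown
 ! Port IP filter: only the assigned host address may source traffic here.
 ip access-group HOST-FA0-1 in
!
! Constructed example address; substitute the host actually on the port.
ip access-list extended HOST-FA0-1
 permit ip host 192.0.2.10 any
 deny   ip any any log
!
! Send a trap on each violation so the operator is paged, as Dan describes.
snmp-server enable traps port-security
!
! Caveat from Ariel's reply: the sticky entry is tied to one MAC, so any
! NIC change or port-channel re-cabling on the host side must be followed
! by clearing the learned address (clear port-security sticky interface
! FastEthernet0/1) before the port will forward again.
```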