North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: customers and web servers and level one naps
At 03:03 PM 9/10/96 -0700, Michael Dillon wrote: >On Tue, 10 Sep 1996, Justin W. Newton wrote: > >> >Therefore, you should only connect trusted pieces of equipment to a >> >level-2 media unless it is being used as a point-to-point media. Lets use >> >Ethernet as an example. If you connect a customer web server to an >> >Ethernet then they can sniff any traffic that goes by and possibly do >> >nasty things like spoofing. Even if they would never do such a thing they >> >may be hacked by somebody who would do such a thing. So it is not a good >> >idea to share a level 2 media in this way. >> >> The MAE's are switches. Unless you are sending super secret BROADCAST >> traffic the security implications you are mentioning are non-existant. > >What about people hacking MAC addresses or screwing around with ARP and >BOOTP? He was asking about attaching a customer web server to the exchange >so presumably anything could be done on that box. The same can be done with some routers. Justin Newton Internet Architect Erol's Internet Services - - - - - - - - - - - - - - - - -
|