Security Basics mailing list archives
RE: ARP Spoof Question
From: "David Gillett" <gillettdavid () fhda edu>
Date: Thu, 24 Jul 2003 10:03:26 -0700
Switches are layer 2 devices, IP begins at layer 3. A -switch- usually doesn't understand a single ip bit. The management side of the switch (snmp, http, telnet, whatever) is to be considered as any other networked host.
------------------------
How would that apply to a layer 3 switch/router? Actually the packaging says that I have a Residential Gateway/Router/Firewall. Aren't gateways layer 7 devices? While switches are layer 2 devices, they deal with MAC addresses, right? Maybe a "smart" switch knows which MAC addresses are allowed on the network? Or am I missing it all here?

--Rivera--
1. "Residential Gateway/Router/Firewall"? I don't see "switch" in that list, do you?

2. However, many small home routers are now incorporating a switch on the LAN side. It's all in one box, but for purposes of understanding, it's more useful to think of it as two separate devices, one at layer 2 and one at layer 3.

3. "Gateway" is a generic term. A layer 2 gateway is a bridge (a switch is a multiport bridge). A layer 3 gateway is a router. A layer 7 gateway is a proxy. A protocol converter might sometimes get called a gateway.

4. Some switches do have some layer 3 awareness. The sort you will find bundled into the box with a home router (see #2, above) are not among them, however. Switches that are layer-3-aware can be useful, because it's easier to find the port associated with a given IP address than if you have to search by MAC address. Switches that are layer-3-aware can be a pain, because if you're not careful with your configuration, they'll start listening to RIP (from misconfigured clients...), or (I've seen this happen) sending ICMP and UDP traffic one way and TCP traffic another, or generating ICMP unreachable messages for packets that were delivered via another switch.... A switch that knows about layer 3 can serve as a router, but in my experience they rarely make very good routers. (I make an exception for the Cisco 5000/5500/6500 line, where the layer 3 intelligence amounts to a *good* router on a blade that fits in the switch chassis.)

David Gillett