Firewall Wizards mailing list archives
'silent VLAN's' & Security
From: "Aaron D. Turner" <aturner () vicinity com>
Date: Wed, 16 Jun 1999 12:40:54 -0700 (PDT)
My company is evaluating some co-lo providers. One provider (who will remain nameless), rather than giving each customer his own IP subnet/VLAN off their Cisco Catalyst and using an RSM, puts them in a *shared* VLAN on the same Class C. Each customer system connects directly to the shared Cat. So if I have 10 servers, I use 10 ports on the co-lo's Cat.

It doesn't take a rocket scientist to see that any site can be DoS'ed to death if someone changes the IP on their system to be someone else's system. Implementing a firewall between myself and other customers is plain impossible.

I mentioned this to the company and they told me they were going to be implementing Cisco's new (and yet to be released) 'silent VLAN' technology to prevent one customer from being able to see another customer. Everyone would still share the same Class C, however.

Now I know traditional VLANs on Cisco Catalyst hardware can be forced to pass traffic between VLANs, especially during high load (which, being a co-lo company, one would expect). I would expect that this flaw would also be in this silent VLAN technology. Also, what about someone changing their MAC address to be mine? And will 'silent VLANs' really do what they say, or is this some ploy to give me warm fuzzies because they don't want to have to re-architect their entire network?

Does anyone have any info on silent VLANs? Nothing on CCO, and apparently it's still in alpha, which has made getting any info difficult at best.

Thanks.

--
Aaron Turner, CNE
aturner () vicinity com
650.237.0311 x252
Network Engineer, Vicinity Corp.
http://www.vicinity.com
Email-to-page: 6505721411.1146752 () pagenet net [Subject & Body sent]
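The two risks raised in the message (a neighbour on the shared VLAN taking over another customer's IP, or presenting another customer's MAC) can at least be watched for from the tenant side. The following is an added example, not part of the original post: it scans constructed (time, switch port, MAC, IP) observations and reports both conditions, assuming the first binding seen for each address is the legitimate one.

```python
# Constructed sample data: (time, switch_port, source MAC, claimed IP), as an
# ARP monitor on the shared segment or a switch address-table poll might log.
# Addresses are documentation/locally administered values, not real hosts.
OBSERVATIONS = [
    (100, "3/1", "02:00:00:00:00:0a", "192.0.2.10"),
    (101, "3/2", "02:00:00:00:00:0b", "192.0.2.20"),
    (160, "3/1", "02:00:00:00:00:0a", "192.0.2.10"),
    (175, "3/2", "02:00:00:00:00:0b", "192.0.2.10"),  # neighbour claims .10
    (190, "3/7", "02:00:00:00:00:0a", "192.0.2.10"),  # .10's MAC on a new port
]


def find_conflicts(observations):
    """Return alerts for IP takeover and MAC moves, in time order.

    Assumption: the first MAC seen for an IP, and the first port seen for a
    MAC, are treated as the legitimate baseline.
    """
    ip_owner = {}   # IP  -> first MAC seen claiming it
    mac_port = {}   # MAC -> first switch port it was seen on
    alerts = []
    for ts, port, mac, ip in sorted(observations):
        owner = ip_owner.setdefault(ip, mac)
        if owner != mac:
            # Same IP now claimed by a different MAC: the "someone changes
            # their IP to be someone else's" case.
            alerts.append((ts, "ip-conflict", ip, owner, mac))
        home = mac_port.setdefault(mac, port)
        if home != port:
            # Known MAC appearing on another port: the "someone changing
            # their MAC address to be mine" case.
            alerts.append((ts, "mac-moved", mac, home, port))
    return alerts


if __name__ == "__main__":
    for alert in find_conflicts(OBSERVATIONS):
        print(alert)
```

Detection like this only tells a customer that a conflict happened; preventing it still depends on how the provider's switch is configured.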