nanog mailing list archives
Re: sniffer/promisc detector
From: Valdis.Kletnieks () vt edu
Date: Sat, 17 Jan 2004 15:14:10 -0500
On Sat, 17 Jan 2004 11:30:13 PST, Donovan Hill said:
> Maybe this is just a stupid comment, but if the original poster is that concerned with their LAN being sniffed, then maybe they should consider using IPSec on their LAN.
Amen to that. It's actually easier to sleep at night if you start off with the assumption that every single packet is received by both the intended recipient and the entity you *least* want getting said packet, and then design your communications accordingly. Similarly for spoofed and MITM attacks - assume they WILL happen, and plan accordingly. Proper use of IPSec/OpenSSH/OpenSSL, with key/cert checking as appropriate, goes a LONG way to raising the bar WAY up on the attacker. Just don't forget about endpoint security - waay too many sites deploy OpenSSL so credit card info can't be sniffed, and then leave the suckers in plaintext on the web server. :)