IPSec, is it possible?
Justin Krejci
jus at krytosvirus.com
Tue Oct 10 14:29:11 PDT 2006
On Tue, 10 Oct 2006 16:16:01 -0400 (EDT), "Daniel T. Staal" <DStaal at usa.net> wrote:
> On Tue, October 10, 2006 4:05 pm, Jens Ropers said:
>>> I just don't like the feeling that people from my LAN
>>> can see which web pages I read, what e-mails I receive, etc. Yes, I have
>>> switches, but everybody knows that this does not mean any protection.
>>> Many sniffers are able to sniff on a switched network without any problem.
>>>
>>> MK
>>
>> This is probably a really stupid newbie question, but can anyone
>> explain why sniffing other users' traffic on a properly switched
>> network is even possible? How would that work? Presumably the
>> eavesdropper would need to get a switch to send that traffic to their
>> own box, no?
>
> I can only think of two ways:
> * The 'switch' isn't actually a switch, or it's not configured properly.
> It is instead (acting as) a hub, and just has the name 'switch' on the
> case.
> * The switch has been hacked to do the eavesdropping itself, or to forward
> some selection of the traffic to the eavesdropper.
>
> Neither is impossible. Both are easier to prevent than setting up an
> IPSEC bridge. (And have better performance characteristics as well.)
>
The eavesdropper could be using something like ARP poisoning or ettercap, or have access to the switch to configure it to mirror port traffic, as was mentioned. Plus, if the switch is not physically locked down, someone could go in and move your Ethernet cable to another device of their choosing.
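As an added defender-side illustration (not part of the original thread), the following Python script detects the ARP poisoning Justin mentions: it records which MAC answers for which IP and raises an alert when an IP is claimed by a second MAC or one MAC claims several IPs. The reply list, the addresses and the gateway IP are constructed sample values.

```python
"""Detect ARP cache poisoning from a stream of observed ARP replies.

On a switched LAN an attacker can send forged ARP replies so that the
victim's and the gateway's frames are addressed to the attacker's MAC,
and the switch then delivers to the attacker's port traffic it would
otherwise never send there.  A monitor that records which MAC answers
for which IP sees two tell-tale signs: one IP answered by more than one
MAC, and one MAC answering for several IPs (typically gateway + victim).
"""
from collections import defaultdict

# Constructed sample: (time, sender IP, sender MAC) taken from ARP replies.
# 10.0.0.1 is the gateway and ...:01 its real MAC; the MAC ending in :ff is
# the poisoner, which claims both the gateway and one host.
OBSERVED_REPLIES = [
    (0.0, "10.0.0.1",  "aa:bb:cc:00:00:01"),
    (0.5, "10.0.0.20", "aa:bb:cc:00:00:20"),
    (1.0, "10.0.0.21", "aa:bb:cc:00:00:21"),
    (2.0, "10.0.0.1",  "aa:bb:cc:00:00:ff"),  # gateway IP claimed by a 2nd MAC
    (2.1, "10.0.0.20", "aa:bb:cc:00:00:ff"),  # same MAC now also claims a host
]


def analyze_arp(replies, gateway_ip=None):
    """Return a list of (kind, key, details) alerts found in the reply stream.

    kinds: 'ip-conflict'  - an IP was answered by more than one MAC
           'mac-multi-ip' - one MAC answered for more than one IP
    The first MAC seen for an IP is treated as the trusted baseline, which
    only holds if monitoring started before any poisoning.  A router or a
    host with IP aliases legitimately triggers 'mac-multi-ip'; whitelist those.
    """
    ip_to_macs = defaultdict(list)   # list keeps order of first sighting
    mac_to_ips = defaultdict(set)
    alerts = []
    for _t, ip, mac in replies:
        mac = mac.lower()
        if mac not in ip_to_macs[ip]:
            if ip_to_macs[ip]:   # a different MAC already answered for this IP
                tag = "gateway" if ip == gateway_ip else "host"
                alerts.append(("ip-conflict", ip,
                               f"{tag} {ip} first seen at {ip_to_macs[ip][0]}, now {mac}"))
            ip_to_macs[ip].append(mac)
        mac_to_ips[mac].add(ip)
        already = any(k == "mac-multi-ip" and key == mac for k, key, _ in alerts)
        if len(mac_to_ips[mac]) > 1 and not already:
            alerts.append(("mac-multi-ip", mac, f"{mac} claims {sorted(mac_to_ips[mac])}"))
    return alerts


if __name__ == "__main__":
    for kind, _key, details in analyze_arp(OBSERVED_REPLIES, gateway_ip="10.0.0.1"):
        print(f"[{kind}] {details}")
```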