Re: A switch? A router? What am I looking for??
- From: Woody Weaver <woody@xxxxxxxxxxxxx>
- Subject: Re: A switch? A router? What am I looking for??
- Date: Mon, 29 Jun 1998 13:04:41 -0700
At 01:59 PM 6/29/98 +0000, Kokoro Security Administrator wrote:
>Hello everyone -
>
>I am looking for the name of a piece of hardware, and don't know what it
>is called. I am told that there exists such a thing (a switch? a router?
>a special hub?) that will only send me traffic that is destined for me.

simple definitions:

--router: looks at a layer 3 address (such as an IP address) and forwards traffic between two or more interfaces based upon that address; also handles other duties such as media conversion; will change the datagram to reflect routing. Routers segment broadcast domains.

--bridge: looks at a layer 2 address (such as an ethernet MAC) and forwards traffic between two interfaces based upon that address; sometimes handles other duties such as media conversion; often sends the datagram through transparently. Bridges segment collision domains.

--switch: multi-interface bridge; typically does not do media conversion; often sends datagrams through transparently.

>In other words, I am one of 100 users on a LAN, say, and all traffic on
>this LAN gets routed through this
>hub-like-thing-whose-name-I-am-searching. This thing knows all the
>ethernet interfaces that are connected to it, and it only sends to
>interface x the packets that are destined for that interface or are
>broadcast.

There are a couple of special cases you should be aware of, particularly unknown unicast. If a switch sees a destination mac that it has not seen before, it typically floods that packet on all (other) interfaces -- thus you may see traffic not destined for you, until (and if) the switch's bridge table picks up the new mac. (Thus switches are usually configured to learn new macs over time.)

Important note: a switch is NOT a security device! It is engineered to improve throughput on a network by reducing collision domains. Yes, you will only see traffic destined for you, usually. However, devices that are not engineered to be secure usually aren't! For example, bridge tables are finite. If the switch is configured in learning mode, then the black hat need only flood the bridge table with new macs -- the old, private macs are deleted -- and now all traffic is again visible.

Put in a switch to improve bandwidth, not out of a sense of security.

>
>Is this a switch? Does it even exist?
>
>Thanks for any replies to help a novice -
>
>Richard Hakim

--woody

--
Robert Wooddell Weaver              email: woody.weaver@xxxxxxxxxxxxx
Network Engineer                    voice: 510.358.3972
Williams Communication Solutions    pager: 510.702.4334
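An added illustration, not part of the list thread: a toy model of the learning bridge table Woody describes (finite size, oldest entry evicted, unknown unicast and broadcast flooded to every other port), together with the usual mitigation, a cap on how many source MACs one port may teach the table (what real switches call port security). Port numbers, table size and MAC addresses are constructed for the example.

```python
from collections import OrderedDict

BROADCAST = "ff:ff:ff:ff:ff:ff"


class Switch:
    """Toy learning switch with a finite bridge table (oldest entry evicted first)."""

    def __init__(self, ports, table_size, max_macs_per_port=None):
        self.ports = list(ports)
        self.table_size = table_size                # bridge tables are finite
        self.max_macs_per_port = max_macs_per_port  # None = plain learning mode
        self.table = OrderedDict()                  # mac -> port, oldest first
        self.violations = 0                         # learns refused by the per-port cap

    def _macs_on(self, port):
        return sum(1 for p in self.table.values() if p == port)

    def _learn(self, mac, port):
        if mac in self.table:                       # known: refresh its age
            self.table.move_to_end(mac)
            self.table[mac] = port
            return
        if (self.max_macs_per_port is not None
                and self._macs_on(port) >= self.max_macs_per_port):
            self.violations += 1                    # port may not teach more MACs
            return
        if len(self.table) >= self.table_size:
            self.table.popitem(last=False)          # full: drop the oldest entry
        self.table[mac] = port

    def forward(self, src, dst, in_port):
        """Learn src on in_port, then return the ports the frame goes out of."""
        self._learn(src, in_port)
        out = self.table.get(dst)
        if dst == BROADCAST or out is None:         # broadcast / unknown unicast
            return [p for p in self.ports if p != in_port]
        return [] if out == in_port else [out]


def scenario(max_macs_per_port=None):
    """Hosts A and B talk, then port 3 churns through fresh source MACs (constructed)."""
    sw = Switch(ports=[1, 2, 3, 4], table_size=4, max_macs_per_port=max_macs_per_port)
    a, b = "00:00:00:00:00:aa", "00:00:00:00:00:bb"
    sw.forward(a, b, 1)                             # unknown unicast: flooded
    sw.forward(b, a, 2)                             # table now knows both hosts
    before = sw.forward(a, b, 1)                    # delivered only to port 2
    for i in range(4):                              # four new MACs from port 3
        sw.forward(f"02:00:00:00:00:{i:02x}", BROADCAST, 3)
    after = sw.forward(a, b, 1)                     # flooded again, or still private?
    return before, after, sw.violations
```

In plain learning mode the four new entries push A and B out of the table and the next A-to-B frame is flooded to port 3 as well; with a cap of two learned MACs per port the table keeps A and B and the frame stays on port 2.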