On Monday 16 July 2007 19:28:17 Philipp Snizek wrote:
On Monday 16 July 2007 17:30:38 Philipp Snizek wrote:
Yes. That would help it and also stop man in the middle at least between the switch and the Hosts n. have you got experience what performance impact 802.1x has on 1GBit/s ethernet?
As I said before, you can do with simply allowing no more than one MAC address to appear on a single switch port. You could also set the allowed mack addresses manually. This eliminates the need of authentication (802.1x or not). So no overhead.
Networks cannot be secured by adding static MAC addresses to a switch (e.g. Cisco 29xx, port security feature). You start the legal client, write down its ip and mac, start your illegal notebook were you are root, spoof the mac and the ip, unplug the network cable from the client, plug it into the notebook. The switch will think you just unplugged and plugged the very same client.
Please teach me otherwise should I be wrong.
Philipp
That is correct, but here you have no man-in-the-middle. The trick works just fine when you have the laptop connected to a different end-point, trying to sniff other people's traffic. You are talking about a network that is not phisically secure. Then you do need proper authentication. -- Blade hails you... Teach me passion for I fear it's gone Show me love, hold the lorn So much more I wanted to give to the ones who love me I'm sorry Time will tell (this bitter farewell) I live no more to shame nor me nor you And you... I wish I didn't feel for you anymore... --Nightwish