How do they deal with guaranteeing there is not IP address and MAC address spoofing? On November 26, 2015 12:48:45 PM PST, Steven Tardy <sjt5atra at gmail.com> wrote:>> On Nov 26, 2015, at 10:43 AM, Alice Wonder <alice at domblogger.net> >wrote: >> >> Is this sane ? > >No. Use VLANs instead of physical cables and physical switches. >https://en.m.wikipedia.org/wiki/VLAN >_______________________________________________ >CentOS mailing list >CentOS at centos.org >https://lists.centos.org/mailman/listinfo/centos-- Sent from my 'droid with K-9 Mail. Woof!
On 11/26/2015 12:51 PM, Alice Wonder wrote:> How do they deal with guaranteeing there is not IP address and MAC address spoofing?to run VLANs, you need a vlan capable switch. you only run the vlan trunk to your 'router'. all other switch ports are configured to be on one or another vlan, so there's no opportunity for spoofing. -- john r pierce, recycling bits in santa cruz
> On Nov 26, 2015, at 3:51 PM, Alice Wonder <alice at domblogger.net> wrote: > > How do they deal with guaranteeing there is not IP address and MAC address spoofing?VLANs simply provide the same thing you are doing in the physical world (creating distinct broadcast domains), but does so logically/virtually. IP/MAC spoofing can only occur within a given broadcast domain.
Am 26.11.2015 um 22:01 schrieb Steven Tardy <sjt5atra at gmail.com>:>> On Nov 26, 2015, at 3:51 PM, Alice Wonder <alice at domblogger.net> wrote: >> >> How do they deal with guaranteeing there is not IP address and MAC address spoofing? > > VLANs simply provide the same thing you are doing in the physical world (creating distinct broadcast domains), but does so logically/virtually. IP/MAC spoofing can only occur within a given broadcast domain.spoofing would not work without to be able to get the response i.e. massive compromised infrastructure ... -- LF