On Sunday 25 March 2007 08:41, Jason Dixon wrote:
> On Mar 25, 2007, at 11:24 AM, bofh wrote:
> > On 3/25/07, Jason Dixon <[EMAIL PROTECTED]> wrote:
> >> Disabling DTP, which should be done anyways, will prevent VLAN
> >> hopping. I'm not sure what "arp-based thing" you're referring to
> >> that wasn't fixed 5-6 years ago. Perhaps you're referring to arp
> >> spoofing, which has nothing to do with VLANs. Please clarify.
> >
> > My point was that there may be future vulnerabilities, and it may
> > be a good idea to keep that in mind for the original poster's
> > designs.
>
> There may also be future vulnerabilities in physical ethernet. Guess
> you'd better unplug now! ;-)
>
Future? -Nope. It's been already done.

http://www.wired.com/news/technology/0,70619-0.html
http://www.wired.com/news/technology/1,70908-0.html

Though the example is not formally "ethernet," physical access to the
"tubes" still means you should consider yourself 0wnd.

But bofh is kinda right, arp-cache poisoning (possibly the "thing" he
was talking about?) is really very interesting.

kind regards,
JCR