bezpecnost nesifrovane komunikace na siti

[Stanislav Meduna]

On Sun, 5 Jan 2003 14:45:31 +0000 (UTC), Dalibor Straka wrote:

: Zkritizujte ho. Na siti neni zadny koax ani jine sdilene medium. Aktivni
: prvky jsou router/firewall pro pristup do netu a za nim switche. Tudiz
: nikdo nemuze odposlechnout jediny packet vychazejici z meho pocitace az
: do firewallu.

Bavime sa tu o utoku zvonku alebo zvnutra? Lebo obecne nebude
problem machinaciami s MAC adresami a ARP-om presvedcit
switch, aby nieco poslal aj do ineho segmentu.

Ked sme uz pri tom, ako casto posiela Linux ARP dotazy?
Timeout ARP tabulky je zda sa radu niekolko malo minut.
Ale ked obcas nieco ladim a mam pusteny tcpdump alebo
ethereal, vidim ARP premavky podstatne viac, ako by som
ocakaval a obcas aj take zaujimavosti, ze mi masina veselo
nieco posiela a za par sekund sa opyta na MAC adresu.
Jeden priklad (mena masin a MAC adresy su zmenene -
paranoiu treba pestovat :-)):

23:07:53.592452 aaa > bbb: icmp: echo request (DF)
23:07:53.598306 bbb > aaa: icmp: echo reply
23:07:54.603379 aaa > bbb: icmp: echo request (DF)
23:07:54.608371 bbb > aaa: icmp: echo reply
23:07:55.613372 aaa > bbb: icmp: echo request (DF)
23:07:55.618297 bbb > aaa: icmp: echo reply
23:07:56.623370 aaa > bbb: icmp: echo request (DF)
23:07:56.628304 bbb > aaa: icmp: echo reply
23:07:57.633366 aaa > bbb: icmp: echo request (DF)
23:07:57.638019 bbb > aaa: icmp: echo reply
23:07:58.596834 arp who-has aaa tell bbb
23:07:58.596900 arp reply aaa (0:90:d1:6:87:12) is-at 0:90:d1:6:87:12

Naco sa bbb pyta na aaa, ked mu za poslednych 5 sekund veselo
posiela pakety a jeho MAC adresu vie? Zaujimave ale je, ze pred
prvym echo reply ziadny request nebol - tam pouzil co mal v cache.
Vyzera to reprodukovatelne - aj po telnete pride po presne
5 sekundach ARP request. Je to bug alebo feature?

Zdravi
-- 
                               Stano