Re: DH-CHAP

In message <FOEDIAMMNNAJCNDKPAAPIEFACAAA.ywang@karthika.com>, "Yongge Wang" writes:

[...]
>But the switch has to broadcast again on the outgoing port, right?

Depends on one's perspective. For typical network engineering, the answer is "no". In many environments, it's safe to assume that, while there may be cascades of Ethernet switches, there is only one leaf device per switch port. (Otherwise, you lose the benefits of full-duplex on the multi-drop segment.)

For cryptographic purposes, it's moot: someone with physical access to the switch can put a port into monitor mode, snoop the traffic on the ethernet-switch-port in question, and forge MAC addresses to inject packets into that data stream.

Consider the case where end-users control the iSCSI devices communicating via a switched ethernet, and the iSCSI end-users don't wish to trust the administrator of the Ethernet switch.
Last updated: Mon Apr 15 15:18:22 2002