
Re: [K12OSN] Tuning LTSP Performance



Robert Arkiletian wrote:
On Fri, Aug 29, 2008 at 9:00 PM, Terrell Prude' Jr.
<microman cmosnetworks com> wrote:
Almquist Burke wrote:

On Aug 29, 2008, at 9:54 PM, Robert Arkiletian wrote:
Here is my question:

Since X traffic is sent unencrypted how is someone supposed to
intercept the packets (containing keyboard input) if using a switch
that only sends packets to their destination. So you can only sniff
yourself. (Hmm, did I just say that?)  IF you are sitting at the
server ALL local traffic goes through eth0. BUT you need root access
to read those packets, don't you? So again how is direct X traffic a
vulnerability?

The only way I can think is if, as Terrell said, you have control of
the switch and you enable port mirroring.

ARP poisoning? All they need is access to the network on a machine with
raw socket capabilities.

That's what port security is for, which most managed switches do support.
Just tell your switch to allow the LTSP server's MAC address only from that
one port.  Any yahoo that comes along that tries any monkey business like
that will get his port shut down right then and there.  If your switch
supports it, you can tell it to just disable the port for, say, two hours,
and then have it re-enable the port after that period.


Cool that's a good idea. But in any case, even without managed
switches, if everyone all of a sudden loses their X sessions what's the
point of sniffing?

Sniffing's a different discussion. ARP spoofing's more of a man-in-the-middle and/or denial-of-service attack.

--TP
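
As an added example that is not part of the original thread: a passive check a defender could run over captured frames to spot the ARP spoofing discussed above, flagging any ARP packet that announces the LTSP server's IP from a MAC other than the pinned one. The server IP, the MAC addresses and all function names are constructed assumptions.

```python
import struct

# Constructed binding (assumption): the LTSP server's IP and its real MAC.
PINNED = {"192.168.0.254": "00:16:3e:aa:bb:01"}

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_arp(frame):
    """Parse an Ethernet II frame carrying IPv4 ARP; return None otherwise."""
    if len(frame) < 42:
        return None
    _dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0806:
        return None
    htype, ptype, hlen, plen, oper, sha, spa, _tha, _tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"eth_src": mac(src), "oper": oper, "sha": mac(sha),
            "spa": ".".join(str(x) for x in spa)}

def check(frame, pinned=PINNED):
    """Return alert strings for one captured frame (empty list if clean)."""
    arp = parse_arp(frame)
    if arp is None:
        return []
    alerts = []
    # The Ethernet source and the ARP sender field normally agree.
    if arp["eth_src"] != arp["sha"]:
        alerts.append("eth-src/arp-sender mismatch")
    # The pinned IP must only ever be announced by its pinned MAC.
    want = pinned.get(arp["spa"])
    if want and arp["sha"] != want:
        alerts.append(f"{arp['spa']} claimed by {arp['sha']}, pinned to {want}")
    return alerts

def sample_frame(eth_src, sha, spa, ethertype=0x0806):
    """Build constructed test bytes for the checks above (never sent anywhere)."""
    h = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = bytes(int(x) for x in spa.split("."))
    return (b"\xff" * 6 + h(eth_src) + struct.pack("!H", ethertype) +
            struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2) +
            h(sha) + ip + b"\x00" * 6 + b"\x00" * 4)

if __name__ == "__main__":
    srv, other = "00:16:3e:aa:bb:01", "00:16:3e:aa:bb:99"
    print(check(sample_frame(srv, srv, "192.168.0.254")))
    print(check(sample_frame(other, other, "192.168.0.254")))
```
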

