On Monday 19 April 2004 5:12 pm, Alistair Tonner wrote:

> On April 19, 2004 03:25 pm, Antony Stone wrote:
> >
> > I suggest another firewall then - trying to set up a firewall with only
> > one ethernet interface is a poor enough solution (from a security point
> > of view) in the first place, but if there is wireless access involved as
> > well then I would not even consider it.
>
> Thanks Antony -- again you have expressed precisely what I would have
> said -- succinctly and clearly.
>
> Aliased (stacked) interfaces ARE NOT SECURE. Period.

Indeed. I would like to see this emphasised more in the netfilter howtos & tutorials.

Multiple addresses on one interface are all very well, so long as they exist within the same subnet; however anyone trying to use multiple *network* addresses on one physical interface is defeating their security by ignoring what the different OSI network layers mean.

Even someone who thinks "I have a switch; my packets cannot be sniffed" simply hasn't investigated Dug Song's (and similar) network tools sufficiently.

Regards,

Antony.

--
Having been asked for a reference for this man, I can confirm that you will be very lucky indeed if you can get him to work for you.

Please reply to the list; please don't CC me.