[VOIPSEC] Actual Attacks (VLANs)

Christopher A. Martin chris at sip1.com
Sun Feb 20 22:39:29 CST 2005


That's right, VLANs are just one piece of the in-depth model...that's why the
infrastructure needs to work concurrently throughout the entire path in
order to prevent attacks...this is also not just a VoIP issue at this point.

________________________________

Christopher A. Martin
P.O. Box 1264
Cedar Hill, Texas 75106
 
 

> -----Original Message-----
> From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On
> Behalf Of Brian Boyter
> Sent: Sunday, February 20, 2005 1:21 PM
> To: Voipsec at voipsa.org
> Subject: Re: [VOIPSEC] Actual Attacks (VLANs)
> 
> Right on, Russell...
> A long time ago we learned that IP addresses could be spoofed and
> therefore could not be relied upon for authentication.
> Unfortunately, VLAN tags have no form of authentication, either....
> 
> Even worse, VLAN tags also indicate the priority of the packet....
> So not only can VLAN tags be spoofed, the attacking packets can be
> given a higher priority than your normal traffic....
> Brian
> 
> 
> Russell Howe wrote:
> 
> >On Sat, Feb 19, 2005 at 09:46:56PM -0600, Christopher A. Martin wrote:
> >
> >
> >>Endpoints will have to become robust enough to not only support VLAN tagging
> >>but also association of specific applications to VLAN
> >>
> >>
> >
> >Then what happens when a device which does VLAN tagging gets
> >compromised? Nothing to stop the malicious code from chatting on
> >whichever VLAN it wishes, surely?
> >
> >If you move to making user devices VLAN aware, I don't see how you can
> >use VLANs as an effective security mechanism. They may well add an
> >element of obscurity, but security by obscurity isn't something to rely
> >on.
> >
> >
> >
> 
> 
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
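
The point made in the thread, that an 802.1Q tag carries a VLAN ID and a priority but no authentication field, as an added example that is not part of the original messages. It decodes the tag and applies a hypothetical access-port policy (the function names, finding labels and sample frames are constructed for illustration):

```python
import struct

TPID_8021Q = 0x8100   # IEEE 802.1Q tag
TPID_8021AD = 0x88A8  # IEEE 802.1ad service tag

# Constructed sample frames: dst MAC, src MAC, [tag], EtherType, zero padding.
MACS = "ffffffffffff" "020000000001"
UNTAGGED = bytes.fromhex(MACS + "0800") + bytes(46)
TAGGED_PCP5_VID100 = bytes.fromhex(MACS + "8100" "a064" "0800") + bytes(46)
TAGGED_PCP0_VID20 = bytes.fromhex(MACS + "8100" "0014" "0800") + bytes(46)


def parse_vlan_tags(frame):
    """Return [(tpid, pcp, dei, vid), ...] for each VLAN tag in the frame.

    The 16-bit TCI is the whole tag payload: 3 bits priority (PCP),
    1 bit drop-eligible (DEI), 12 bits VLAN ID. Nothing in it identifies
    or authenticates the sender.
    """
    tags = []
    offset = 12  # skip destination and source MAC addresses
    while len(frame) >= offset + 4:
        tpid, tci = struct.unpack_from("!HH", frame, offset)
        if tpid not in (TPID_8021Q, TPID_8021AD):
            break
        tags.append((tpid, tci >> 13, (tci >> 12) & 1, tci & 0x0FFF))
        offset += 4
    return tags


def audit_access_port_frame(frame, max_trusted_pcp=0):
    """Findings for a frame received from an end device on an access port.

    Assumed policy: end devices send untagged frames, and the switch, not
    the host, decides VLAN membership and priority.
    """
    findings = []
    tags = parse_vlan_tags(frame)
    if tags:
        findings.append("tagged-frame-on-access-port")
    if any(pcp > max_trusted_pcp for _tpid, pcp, _dei, _vid in tags):
        findings.append("host-asserted-priority")
    return findings


if __name__ == "__main__":
    for name in ("UNTAGGED", "TAGGED_PCP5_VID100", "TAGGED_PCP0_VID20"):
        frame = globals()[name]
        print(name, parse_vlan_tags(frame), audit_access_port_frame(frame))
```

Because the VLAN ID and priority are whatever the sender wrote, the enforcement belongs on the switch port: assign the VLAN there and re-mark priority at the trust boundary instead of accepting the host's values.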




