/32 subnet
Thomas Liske
liske at ibh.de
Wed Feb 4 10:30:08 UTC 2009
Hi,
On Wed, 4 Feb 2009, Marco Simioni wrote:
> good job, but i think these kind of security measures have to be
> implemented at lower layer (layer 2).
I don't disagree here....
> - we use ethernet switches with Private VLAN feature (this allow
> separation of traffic between the host ports) (see
> http://www.ciscopress.com/articles/article.asp?p=1181682&seqNum=3 for
> examples, but also cheaper switches implements this)
but deploying private VLANs in existing L2 networks is not always an
option.
> With your method i think that a client can always work at layer 2 (arp
> scanning and so on) to see the other clients.
Scanning for clients will work, but connecting i.e. on a cifs share should
not.
Regards,
Thomas
More information about the Chilli
mailing list