[K12OSN] Tuning LTSP Performance

Robert Arkiletian robark at gmail.com
Sat Aug 30 02:54:38 UTC 2008


2008/8/29 Todd O'Bryan <toddobryan at gmail.com>:
> On Fri, Aug 29, 2008 at 7:01 PM, Robert Arkiletian <robark at gmail.com> wrote:
>>
>> 2008/8/29 Terrell Prude' Jr. <microman at cmosnetworks.com>:
>> > 2.)  If you're running LTSP of any sort, it's assumed that you're
>> > running,
>> > at a minimum, a switched 10/100 environment (if not, then you really
>> > should
>> > be!).  Unless A.) it's a managed switch capable of port mirroring, and
>> > B.)
>> > you control said switch, you can sniff *your* traffic, but not other
>> > peoples.  To keep the Les Mikesells of the world happy, I'll point out
>> > that
>> > yes, you could sniff the server if it's physically accessible.  But in
>> > God's
>> > name, I hope you have it secured physically so's to (largely) prevent
>> > that!
>>
>> Please enlighten me Terrell. I don't understand how having access to
>> the server is a vulnerability in terms of sniffing packets. One must
>> have root access to be able to use a program like tcpdump or wireshark
>> to capture packets. So if they don't have root how can they sniff?
>
> Oooh, oooh...One of my students just told me this one. At least on Ubuntu
> (and I'd guess on other Linuxes), you can start the server in safe mode in
> case you broke something. If you do that, you get this lovely command-line
> interface with root access.

You can protect against that by setting a password in grub or lilo.
But that's not what I mean.
Here is my question:

Since X traffic is sent unencrypted how is someone suppose to
intercept the packets (containing keyboard input) if using a switch
that only sends packets to their destination. So you can only sniff
yourself. (Hmm, did I just say that?)  IF you are sitting at the
server ALL local traffic goes through eth0. BUT you need root access
to read those packets, don't you? So again how is direct X traffic a
vulnerability?

The only way I can think is if, as Terrell said, you have control of
the switch and you enable port mirroring.

-- 
Robert Arkiletian
Eric Hamber Secondary, Vancouver, Canada
Fl_TeacherTool http://www3.telus.net/public/robark/Fl_TeacherTool/
C++ GUI tutorial http://www3.telus.net/public/robark/




More information about the K12OSN mailing list