[K12OSN] Tuning LTSP Performance
Robert Arkiletian
robark at gmail.com
Sat Aug 30 04:08:13 UTC 2008
On Fri, Aug 29, 2008 at 9:00 PM, Terrell Prude' Jr.
<microman at cmosnetworks.com> wrote:
> Almquist Burke wrote:
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>>
>> On Aug 29, 2008, at 9:54 PM, Robert Arkiletian wrote:
>>>
>>> Here is my question:
>>>
>>> Since X traffic is sent unencrypted how is someone suppose to
>>> intercept the packets (containing keyboard input) if using a switch
>>> that only sends packets to their destination. So you can only sniff
>>> yourself. (Hmm, did I just say that?) IF you are sitting at the
>>> server ALL local traffic goes through eth0. BUT you need root access
>>> to read those packets, don't you? So again how is direct X traffic a
>>> vulnerability?
>>>
>>> The only way I can think is if, as Terrell said, you have control of
>>> the switch and you enable port mirroring.
>>>
>>
>> ARP poisoning? All they need is access to the network on a machine with
>> raw socket capabilities.
>
> That's what port security is for, which most managed switches do support.
> Just tell your switch to allow the LTSP server's MAC address only from that
> one port. Any yahoo that comes along that tries any monkey business like
> that will get his port shut down right then and there. If your switch
> supports it, you can tell it to just disable the port for, say, two hours,
> and then have it re-enable the port after that period.
>
Cool that's a good idea. But in any case, even without managed
switches, if everyone all of sudden loses their X sessions what's the
point of sniffing?
--
Robert Arkiletian
Eric Hamber Secondary, Vancouver, Canada
Fl_TeacherTool http://www3.telus.net/public/robark/Fl_TeacherTool/
C++ GUI tutorial http://www3.telus.net/public/robark/
More information about the K12OSN
mailing list