
Re: [K12OSN] Tuning LTSP Performance



2008/8/29 Todd O'Bryan <toddobryan gmail com>:
> On Fri, Aug 29, 2008 at 7:01 PM, Robert Arkiletian <robark gmail com> wrote:
>>
>> 2008/8/29 Terrell Prude' Jr. <microman cmosnetworks com>:
>> > 2.)  If you're running LTSP of any sort, it's assumed that you're running,
>> > at a minimum, a switched 10/100 environment (if not, then you really should
>> > be!).  Unless A.) it's a managed switch capable of port mirroring, and B.)
>> > you control said switch, you can sniff *your* traffic, but not other
>> > people's.  To keep the Les Mikesells of the world happy, I'll point out that
>> > yes, you could sniff the server if it's physically accessible.  But in God's
>> > name, I hope you have it secured physically so's to (largely) prevent that!
>>
>> Please enlighten me Terrell. I don't understand how having access to
>> the server is a vulnerability in terms of sniffing packets. One must
>> have root access to be able to use a program like tcpdump or wireshark
>> to capture packets. So if they don't have root how can they sniff?
>
> Oooh, oooh...One of my students just told me this one. At least on Ubuntu
> (and I'd guess on other Linuxes), you can start the server in safe mode in
> case you broke something. If you do that, you get this lovely command-line
> interface with root access.

You can protect against that by setting a password in grub or lilo.
But that's not what I mean.
Here is my question:

Since X traffic is sent unencrypted, how is someone supposed to
intercept the packets (containing keyboard input) if using a switch
that only sends packets to their destination? So you can only sniff
yourself. (Hmm, did I just say that?)  IF you are sitting at the
server ALL local traffic goes through eth0. BUT you need root access
to read those packets, don't you? So again how is direct X traffic a
vulnerability?

The only way I can think is if, as Terrell said, you have control of
the switch and you enable port mirroring.

-- 
Robert Arkiletian
Eric Hamber Secondary, Vancouver, Canada
Fl_TeacherTool http://www3.telus.net/public/robark/Fl_TeacherTool/
C++ GUI tutorial http://www3.telus.net/public/robark/

