[K12OSN] Tuning LTSP Performance

Terrell Prude' Jr. microman at cmosnetworks.com
Sat Aug 30 04:00:10 UTC 2008


Almquist Burke wrote:
> On Aug 29, 2008, at 9:54 PM, Robert Arkiletian wrote:
>> Here is my question:
>>
>> Since X traffic is sent unencrypted how is someone supposed to
>> intercept the packets (containing keyboard input) if using a switch
>> that only sends packets to their destination? So you can only sniff
>> yourself. (Hmm, did I just say that?)  IF you are sitting at the
>> server ALL local traffic goes through eth0. BUT you need root access
>> to read those packets, don't you? So again how is direct X traffic a
>> vulnerability?
>>
>> The only way I can think is if, as Terrell said, you have control of
>> the switch and you enable port mirroring.
>>
>
> ARP poisoning? All they need is access to the network on a machine 
> with raw socket capabilities.

That's what port security is for, which most managed switches do 
support.  Just tell your switch to allow the LTSP server's MAC address 
only from that one port.  Any yahoo that comes along that tries any 
monkey business like that will get his port shut down right then and 
there.  If your switch supports it, you can tell it to just disable the 
port for, say, two hours, and then have it re-enable the port after that 
period.

--TP
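
The port-security setup described in the message above, written out as an added example that is not part of the original post. It assumes Cisco IOS syntax (the message names no switch vendor); the interface names and the MAC address 0011.2233.4455 are constructed placeholders.

```cisco
! Constructed values: the interface names and the MAC 0011.2233.4455,
! which stands in for the LTSP server's NIC.
!
! Server port: bind the server's MAC statically to this one port.
interface GigabitEthernet0/1
 description LTSP server
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address 0011.2233.4455
 switchport port-security violation shutdown
!
! Thin-client ports: port security is enabled here as well, so that a frame
! sourced from the server's MAC on one of these ports counts as a violation
! and shuts that port down.
interface range GigabitEthernet0/2 - 24
 description LTSP thin clients
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation shutdown
!
! Re-enable a port disabled by a violation after two hours (7200 seconds).
errdisable recovery cause psecure-violation
errdisable recovery interval 7200
```

`show port-security interface GigabitEthernet0/1` and `show errdisable recovery` display the resulting state and recovery timer.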
