[Asterisk-Dev] OMG THE SKY IS FALLING!! NOT!!!
Andrew Kohlsmith
akohlsmith-asterisk at benshaw.com
Sat May 15 15:49:45 MST 2004
> That, unless you have a REALLY AWFUL network is completely incorrect. You
> can only see that traffic when in a non-switched network, and when you
> happen to be on the same subnet. Most places now use switches, so unless
> you are able to get into the switch config, you can't see what is going
> on. This means that in practice, only your network admins will really be
> able to snoop on phone calls...
Google around for the term "arp poisoning" -- it's trivial to turn practically
any switch into a hub.
Now there are some really fancy switches (Cisco Catalysts come to mind
immediately) which can sound the alarm if the MAC address on a port changes;
hell it can even lock it down and prevent any further traffic from moving
through that port until an admin clears it up. I'm sure there are others
that can do this kind of thing, and I'm sure that there are levels of
severity that the Catalysts can be set to, but switches in general are not
some magic bullet to network security.
-A.
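
A defender-side check for the ARP poisoning mentioned in the message above, as an added example that is not part of the original post: it tracks IP-to-MAC bindings seen in ARP replies and flags a binding that changes or a MAC that answers for several IPs. The sample replies, addresses and the function name are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: (timestamp, sender IP, sender MAC) taken from ARP replies.
SAMPLE_ARP_REPLIES = [
    (1.0, "192.0.2.1", "00:00:5e:00:53:01"),   # gateway, legitimate
    (2.0, "192.0.2.10", "00:00:5e:00:53:10"),  # workstation
    (3.0, "192.0.2.20", "00:00:5e:00:53:20"),  # another host
    (4.0, "192.0.2.1", "00:00:5e:00:53:20"),   # gateway IP now claimed by host .20's MAC
    (5.0, "192.0.2.10", "00:00:5e:00:53:20"),  # workstation IP claimed by the same MAC
    (6.0, "192.0.2.1", "00:00:5e:00:53:01"),   # real gateway answers again (flip-flop)
]


def detect_arp_anomalies(replies, max_ips_per_mac=1):
    """Return a list of (timestamp, kind, detail) alerts.

    kind is "binding-changed" when an IP appears with a different MAC than
    the one last seen for it, and "mac-claims-many-ips" when one MAC answers
    for more IPs than max_ips_per_mac (raise it for routers or proxy-ARP
    hosts that legitimately answer for several addresses).
    """
    ip_to_mac = {}                   # last MAC seen for each IP
    mac_to_ips = defaultdict(set)    # every IP each MAC has claimed
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()
        previous = ip_to_mac.get(ip)
        if previous is not None and previous != mac:
            alerts.append((ts, "binding-changed", f"{ip}: {previous} -> {mac}"))
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > max_ips_per_mac:
            alerts.append((ts, "mac-claims-many-ips",
                           f"{mac}: {sorted(mac_to_ips[mac])}"))
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_anomalies(SAMPLE_ARP_REPLIES):
        print(alert)
```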