[VOIPSEC] Re: Voipsec Digest, Vol 2, Issue 33
Gerald Maguire
maguire at it.kth.se
Sun Feb 27 06:55:46 CST 2005

Of course if you have physical access to the links you can snoop.
My point was simply that you don't need to add a hub in order
to sniff (as your message implied) -- just give the switch the right
configuration commands and you can get all the traffic to and from a
given port. Thus you don't need physical access to the switch - you
only need to send the right commands to the switch (of course proper
protection of the administrative passwords, proper configuration of
which ports commands can come on, etc. can strengthen this). The key
is that simply using switches does not eliminate the possibility of
sniffing, it just makes it a little harder. This is of course why many
firms are concerned about the introduction of legal intercept features
into networking devices -- because it makes it _easier_ for someone to
intercept and tap traffic. CALEA (47 U.S.C. § 1001 et seq.) and other
regulations mean that not only can the traffic be intercepted but it
should not be detectable (by the subject or even by others who have
lawful intercept orders).

Regards,
G. Q. Maguire Jr.
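
A defender-side check for the point made in the message above, as an added example that is not part of the original post: it scans a switch configuration for port-mirroring sessions that are not on an approved list, and for management lines that accept Telnet or have no source restriction. The Cisco IOS-style syntax, the sample configuration and the APPROVED_SESSIONS allow-list are assumptions; the post names no vendor.

```python
import re
from itertools import takewhile

# Constructed sample of an IOS-style running-config (not from the original post).
SAMPLE_CONFIG = """\
hostname access-sw1
monitor session 1 source interface Gi0/5 both
monitor session 1 destination interface Gi0/24
monitor session 2 source vlan 20 rx
monitor session 2 destination interface Gi0/23
line vty 0 4
 transport input telnet ssh
line vty 5 15
 access-class 10 in
 transport input ssh
"""

# Hypothetical allow-list: mirror sessions that operations has approved.
APPROVED_SESSIONS = {2}

MONITOR_RE = re.compile(
    r"^monitor session (\d+) (source|destination) (interface|vlan) (\S+)", re.M)


def mirror_sessions(config):
    """Return {session_id: {"source": [...], "destination": [...]}}."""
    sessions = {}
    for sid, role, _kind, target in MONITOR_RE.findall(config):
        entry = sessions.setdefault(int(sid), {"source": [], "destination": []})
        entry[role].append(target)
    return sessions


def unapproved_mirrors(config, approved=APPROVED_SESSIONS):
    """Mirror sessions present in the config but absent from the allow-list."""
    return {s: v for s, v in mirror_sessions(config).items() if s not in approved}


def vty_findings(config):
    """Flag vty blocks that accept Telnet or carry no access-class."""
    findings = []
    for block in re.split(r"^(?=line vty )", config, flags=re.M)[1:]:
        header, *rest = block.splitlines()
        body = [l.strip() for l in takewhile(lambda l: l.startswith(" "), rest)]
        if any(l.startswith("transport input") and {"telnet", "all"} & set(l.split()) for l in body):
            findings.append((header, "telnet allowed"))
        if not any(l.startswith("access-class") for l in body):
            findings.append((header, "no access-class"))
    return findings
```

Run against periodic configuration backups, a session that appears outside the allow-list is the signal that someone has issued mirroring commands.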