Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

multiple interfaces on same subnet



On Tue, Nov 17, 2009 at 3:28 PM, Jerry Feldman <gaf-mNDKBlG2WHs at public.gmane.org> wrote:
>...
> I'm looking for some reasons why this might be a bad thing, but I don't
> know any technical reason not to allow this, at least when there is a
> single default route.

>From a security perspective, this is a potential problem.  Your laptop
is now a connection between two (potentially different)
networks with different security profiles.  In some ways, it's
equivalent to the old problem of people attaching modems to their
desktop
computer which was connected to the corporate network.  They would set
up their desktop to allow remote login so they could access
work files from home.  Attackers would war dial people's extensions
looking for open modems.  Exploiting your dual interface machine would
be more complicated as it would require setting up a nearby rogue
wireless access point to which your laptop would connect while you had
a wired connection to the corporate network.

At a minimum, you should make sure that your laptop isn't set up to
forward packets between the interfaces.  Not doing so would allow
network connections between the two different interfaces without
dealing with any host based authentication on your laptop at all.

Bill Bogstad






BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org