Score:0

Hp switch - enable promiscuous interface but prevent possibile attack

eg flag

i'm facing a strange request my client have done to me and i would like some help. He ask me to put a probe in promiscuous mode in my ced between my network and the mpls than connect us and them for sniffing voip packet and analyze registration on rtp channel.

In my opinion this is a security issue, beacuse once it capture the source packet of my network and there are ton of possibility of attack like spooffing, ARP poisoning ect ect

i have an hp switch Switch HPE OfficeConnect 1950 so i thought of enable promiscuous mode on the interface but enable also somethink like ip/mac binding:

ip source-binding vlan interface

Is this enough for you?

Thank for the advice.

Zac67 avatar
ru flag
You need a firewall in between networks, letting only defined traffic pass. Anything MAC-based can be easily spoofed and is useless.
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.