On 07/18/06 Drew wrote:
> Multiple physical interfaces isolate the underlying ethernet traffic
> to the specific 'side' of the firewall they're attached to. On a
> single wire/NIC setup all you need is a packet sniffer running on a
> 'outside' malicious host (in promiscuous mode) to map the firewalled
> portion of your network and then configure the same host to masquerade
> as a firewalled host. Once that's done, the malicious host has the
> same access rights as any other firewalled host.

You're failing to think of point to point tunnels links over a secure
protocol, and VLANs - but your point is correct if on a standard flat
network.