Re: Protection against Man-in -d -middle attack

That is so true Mark....

Charles Henson

|------------>
| From: |
|------------>
>--------------------------------------------------------------------------------------------------------------------------------------------------|
  |Mark Matters <markccie_at_gmail.com> |
>--------------------------------------------------------------------------------------------------------------------------------------------------|
|------------>
| To: |
|------------>
>--------------------------------------------------------------------------------------------------------------------------------------------------|
  |Luan Nguyen <luan_at_netcraftsmen.net> |
>--------------------------------------------------------------------------------------------------------------------------------------------------|
|------------>
| Cc: |
|------------>
>--------------------------------------------------------------------------------------------------------------------------------------------------|
  |Marko Milivojevic <markom_at_ipexpert.com>, Narbik Kocharians <narbikk_at_gmail.com>, ccielab_at_groupstudy.com |
>--------------------------------------------------------------------------------------------------------------------------------------------------|
|------------>
| Date: |
|------------>
>--------------------------------------------------------------------------------------------------------------------------------------------------|
  |03/26/2010 01:35 PM |
>--------------------------------------------------------------------------------------------------------------------------------------------------|
|------------>
| Subject: |
|------------>
>--------------------------------------------------------------------------------------------------------------------------------------------------|
  |Re: Protection against Man-in -d -middle attack |
>--------------------------------------------------------------------------------------------------------------------------------------------------|

I can tell you NOT to turn it on for vlan 1 in a 350+ vlan 1 user base
consisting of 3 core 6509's and entering the command the main switch. This
will lock everyone out of the switch and force you to pull the plug to
reboot it.

An admin learned this lesson the hard way. Don't ask why the admin chose to
have every employee in vlan 1. It amazes me at how some multi million
dollar
small companies function. My network at home is more stable.

On Fri, Mar 26, 2010 at 2:17 PM, Luan Nguyen <luan_at_netcraftsmen.net> wrote:

> Here's a question for redemption:
> What is the best way to turn on DAI on a production network?
>
> -Luan
>
>
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
> Marko Milivojevic
> Sent: Wednesday, March 24, 2010 4:15 PM
> To: Narbik Kocharians
> Cc: Itechguru; olugbenga lasisi; Thameem Maranveetil Parambath;
> ccielab_at_groupstudy.com
> Subject: Re: Protection against Man-in -d -middle attack
>
> Thanks Narbik.
>
> Now to be truly honest, my labs started as the way to prove you wrong.
> However, I soon realized it was ME who was wrong, but decided to post
> the lab anyway, since I thought it was a good example.
>
> I agree with the point that I should have kept all the messages Cat2
> was spewing on the console. Overall, I think between two labs we
> posted, this subject is very well covered.
>
> Anyone has something else Narbik and I can argue about? Keep it
> technical, I'm tired of waving the waivers ;-)
>
> --
> Marko Milivojevic - CCIE #18427
> Senior Technical Instructor - IPexpert
>
> YES! We include 400 hours of REAL rack
> time with our Blended Learning Solution!
>
> Mailto: markom_at_ipexpert.com
> Telephone: +1.810.326.1444
> Fax: +1.810.454.0130
> Web: http://www.ipexpert.com/
>
> On Wed, Mar 24, 2010 at 18:43, Narbik Kocharians <narbikk_at_gmail.com>
> wrote:
> > Guys,
> >
> >
> >
> > I truly was NOT trying to rub it in, we all know that Marko knows his
> stuff,
> > if you ever doubt it, just go back and read some of his posts/answers,
> the
> > man is simply awesome.
> >
> >
> >
> > The point I was trying to get across was that when testing this kind of
> > stuff, you should always check the right console messages, and the
right
> way
> > of testing.
> >
> >
> >
> > You should purposely try to make some errors and see some of the
console
> > messages, which I showed in my post; this is how you nail it down. This
> is
> > how you ACEB the TS portion of the lab.B As Marko mentioned, when in
> doubt
> > lab it.
> >
> > Thanks itechguru.
> >
> > On Wed, Mar 24, 2010 at 5:46 AM, Itechguru <wajid.ccie_at_gmail.com>
wrote:
> >>
> >> Narbik
> >>
> >> As always, you are awesome. I cannot say that for others.
> >> Great demonstration.
> >> On Wed, Mar 24, 2010 at 7:49 AM, Marko Milivojevic
<markom_at_ipexpert.com
> >
> >> wrote:
> >>>
> >>> On Wed, Mar 24, 2010 at 09:16, Narbik Kocharians <narbikk_at_gmail.com>
> >>> wrote:
> >>> > MArko,
> >>> >
> >>> > Did you just prove what i stated was correct?
> >>>
> >>> Didn't I write that very clearly at the top of my message. No point
> >>> rubbing it in... :-)
> >>>
> >>>
> >>> --
> >>> Marko Milivojevic - CCIE #18427
> >>> Senior Technical Instructor - IPexpert
> >>>
> >>> YES! We include 400 hours of REAL rack
> >>> time with our Blended Learning Solution!
> >>>
> >>> Mailto: markom_at_ipexpert.com
> >>> Telephone: +1.810.326.1444
> >>> Fax: +1.810.454.0130
> >>> Web: http://www.ipexpert.com/
> >>>
> >>>
> >>> Blogs and organic groups at http://www.ccie.net
> >>>
> >>>
Received on Fri Mar 26 2010 - 13:39:27 ART