by sideshowmel 1920 days ago
True, but the packets in-flight can take different routes. If you have a machine on the switch, you know you've captured all the packets that were in-flight. This makes it easier to break the encrypted packets.

It's a choice--everything in security is a risk-management assessment, but I'm surprised rsync.net was able to get so many security certifications with this setup.

2 comments

> If you have a machine on the switch, you know you've captured all the packets that were in-flight.

Same applies if someone takes over the firewall, the machine on the last hop before they hit port 22.

In a world where stuff like this https://www.helpnetsecurity.com/2020/09/01/zero-day-cisco-en... routinely happens, there is a benefit to forgoing all of that when it makes sense.

    # tcpdump -i eth0
    tcpdump: eth0: You don't have permission to capture on that device
    (socket: Operation not permitted)