[89388] in North American Network Operators' Group
Re: Security problem in PPPoE connection
daemon@ATHENA.MIT.EDU (Joe Maimon)
Sun Mar 12 14:41:10 2006
Date: Sun, 12 Mar 2006 14:40:40 -0500
From: Joe Maimon <jmaimon@ttec.com>
To: Joe Shen <joe_hznm@yahoo.com.sg>
Cc: nanog <nanog@merit.edu>
In-Reply-To: <20060312064818.58724.qmail@web53607.mail.yahoo.com>
Errors-To: owner-nanog@merit.edu
Joe Shen wrote:
> Hi,
>
> We are facing problem with PPPoE in ethernet access
> network.
>
> To provide high speed access, 10Mbps/100Mbps ethernet
> is used as access method. But, we found some guy
> 'steal' some other's account by listening to
> broadcasting packets, and they also set up 'phishing'
> PPPoE server to catch those PPPoE authentication
> packets.
>
Well you need to do a few things
-- Terminate access to the miscreants
-- Implement features like private-vlans
-- Otherwise prevent ports from communicating between eachothers except
through your authorized PPPoE server. MAC access lists may provide some
help with that. You will need to examine exactly what your L2 switches
support.
