[90772] in North American Network Operators' Group
RE: Interesting new spam technique - getting a lot more popular.
daemon@ATHENA.MIT.EDU (John van Oppen)
Wed Jun 14 00:35:42 2006
Date: Tue, 13 Jun 2006 21:35:14 -0700
From: "John van Oppen" <john@vanoppen.com>
To: <nanog@merit.edu>
Errors-To: owner-nanog@merit.edu
It sure seems like this is a good demo of the best practice of having =
customers on their own VLANs with their own subnets. We have been =
doing this since we started offering colo services, is this less common =
than I thought?
John
-----Urspr=FCngliche Nachricht-----
Von: Christopher L. Morrow =
[mailto:christopher.morrow@verizonbusiness.com]=20
Gesendet: Tuesday, June 13, 2006 9:23 PM
An: Suresh Ramasubramanian
Cc: NANOG
Betreff: Re: Interesting new spam technique - getting a lot more =
popular.
On Wed, 14 Jun 2006, Suresh Ramasubramanian wrote:
> That was not my advice btw - just forwarding on what I saw.
>
oh,. apologies, i did cut the message down quite a bit :( I understood =
you
were quoting from the spamdiaries website, I apologize to the other
listeners (readers?) if it confused the issue.
> What you say does seem like a "must do" all right - but putting ARP
> filters in is actually a reasonable idea.
>
Atleast it'd trim down the 'problem' to the single customer subnet, I
assume that dedicated hosting folks don't just drop machines behind a
switch on one big flat subnet? That's probably a naive assumption though
:( Perhaps this is clue #12 that that is a 'less than good' option? :)
> On 6/14/06, Christopher L. Morrow
> <christopher.morrow@verizonbusiness.com> wrote:
> >
> > On Wed, 14 Jun 2006, Suresh Ramasubramanian wrote:
> > >
> > > =
http://thespamdiaries.blogspot.com/2006/02/new-host-cloaking-technique-us=
ed-by.html
> > >
> > > * Monitor your local network for interfaces transmitting ARP
> > > responses they shouldn't be.
> >
> > how about just mac security on switch ports? limit the number of =
mac's at
> > each port to 1 or some number 'valid' ?
> >
>
>
> --
> Suresh Ramasubramanian (ops.lists@gmail.com)
>
