[90784] in North American Network Operators' Group


Re: Interesting new spam technique - getting a lot more popular.

daemon@ATHENA.MIT.EDU (Chris Edwards)
Wed Jun 14 06:30:57 2006

Date: Wed, 14 Jun 2006 11:30:25 +0100 (BST)
From: Chris Edwards <chris@eng.gla.ac.uk>
To: NANOG <nanog@merit.edu>
In-Reply-To: <Pine.GSO.4.58.0606140410060.19686@marvin.argfrp.us.uu.net>
Errors-To: owner-nanog@merit.edu


On Wed, 14 Jun 2006, Christopher L. Morrow wrote:

| how about just mac security on switch ports? limit the number of mac's at
| each port to 1 or some number 'valid' ?

Hi,

Just to be clear, simple L2 mac security doesn't help here.  

This attack (arp spoofing on a shared subnet) does not involve more than 
one mac per switch port.  Nor are there any changes in switch port / mac 
associations.

You need to watch at the higher layers (arp, ip).

Cheers


--
Chris Edwards, Glasgow University Computing Service
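
The point made in the message above, as an added example that is not part of the original post: the same constructed ARP observations pass a MAC-per-port check but trip a check on IP-to-MAC bindings. The tuple layout, addresses, function names and the first-seen-binding rule are assumptions made for illustration; a real deployment would seed the bindings from a trusted source such as a DHCP lease table or a static list.

```python
from collections import defaultdict

# Constructed sample: (switch_port, source_mac, arp_sender_ip) per observed ARP reply.
# 10.0.0.1 is assumed to be the gateway, legitimately on port 1.
SAMPLE_ARP = [
    (1, "00:00:5e:00:53:01", "10.0.0.1"),
    (2, "00:00:5e:00:53:02", "10.0.0.20"),
    (3, "00:00:5e:00:53:03", "10.0.0.30"),
    (3, "00:00:5e:00:53:03", "10.0.0.1"),   # same port, same MAC, gateway IP claimed
    (2, "00:00:5e:00:53:02", "10.0.0.20"),
]

def port_security_violations(frames, max_macs=1):
    """L2 view: ports carrying more than max_macs MACs, and MACs seen on >1 port."""
    macs_by_port, ports_by_mac = defaultdict(set), defaultdict(set)
    for port, mac, _ip in frames:
        macs_by_port[port].add(mac)
        ports_by_mac[mac].add(port)
    over_limit = sorted(p for p, macs in macs_by_port.items() if len(macs) > max_macs)
    moved = sorted(m for m, ports in ports_by_mac.items() if len(ports) > 1)
    return over_limit, moved

def arp_binding_alerts(frames):
    """ARP/IP view: alert when an IP is claimed by a MAC other than the first seen."""
    first_mac, alerts = {}, []
    for port, mac, ip in frames:
        known = first_mac.setdefault(ip, mac)  # assumption: first binding is trusted
        if known != mac:
            alerts.append({"ip": ip, "expected_mac": known,
                           "claimed_by": mac, "port": port})
    return alerts

def macs_claiming_multiple_ips(frames):
    """Secondary signal: one MAC answering ARP for several IPs."""
    ips_by_mac = defaultdict(set)
    for _port, mac, ip in frames:
        ips_by_mac[mac].add(ip)
    return {m: sorted(ips) for m, ips in ips_by_mac.items() if len(ips) > 1}

if __name__ == "__main__":
    print("port security:", port_security_violations(SAMPLE_ARP))
    print("ARP binding alerts:", arp_binding_alerts(SAMPLE_ARP))
    print("multi-IP MACs:", macs_claiming_multiple_ips(SAMPLE_ARP))
```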
