Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Interesting new spam technique - getting a lot more popular.

  • From: Mikael Abrahamsson
  • Date: Wed Jun 14 01:18:06 2006

On Wed, 14 Jun 2006, Christopher L. Morrow wrote:

is it really that hard to make your foudry/extreme/cisco l3 switch vlan and subnet??? Is this a education thing or a laziness thing? Is this perhaps covered in a 'bcp' (not even an official IETF thing, just a hosters bible sort of thing) ?
This problem is fixed by following the BCP regarding spoof filtering, if needed, doing the IP source filtering at the switchport instead of at the router level. Treat your colo customers the same way you would residential customers with the same security level.

Whatever the customer himself can change, control. IP spoof filtering, and if your platform supports it, even rewrite the MAC address so it's local to the access cable and not used in your aggregation network (some DSLAM vendors do this, for instance). I haven't seen any switch vendors that does this yet, unfortunately.

--
Mikael Abrahamsson email: swmike@swm.pp.se




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.