Interesting new spam technique - getting a lot more popular.

Mikael Abrahamsson swmike at swm.pp.se
Wed Jun 14 05:17:43 UTC 2006


On Wed, 14 Jun 2006, Christopher L. Morrow wrote:

> is it really that hard to make your foundry/extreme/cisco l3 switch vlan 
> and subnet??? Is this an education thing or a laziness thing? Is this 
> perhaps covered in a 'bcp' (not even an official IETF thing, just a 
> hosters bible sort of thing) ?

This problem is fixed by following the BCP regarding spoof filtering, if 
needed, doing the IP source filtering at the switchport instead of at the 
router level. Treat your colo customers the same way you would residential 
customers with the same security level.

Whatever the customer himself can change, control. IP spoof filtering, and 
if your platform supports it, even rewrite the MAC address so it's local 
to the access cable and not used in your aggregation network (some DSLAM 
vendors do this, for instance). I haven't seen any switch vendors that 
do this yet, unfortunately.

-- 
Mikael Abrahamsson    email: swmike at swm.pp.se
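
An added illustration of the point in the message above (not part of the original post, and not any vendor's implementation): on a shared colo subnet, a source check at the router only asks whether an address belongs to the subnet, while a per-switchport binding check asks whether it belongs to that customer. The port names, addresses and packets are constructed for the example.

```python
import ipaddress

# Constructed sample data: one shared colo subnet, three customer ports.
COLO_SUBNET = ipaddress.ip_network("192.0.2.0/24")
PORT_BINDINGS = {  # hypothetical port names -> addresses assigned to that port
    "ge-0/1": {"192.0.2.10"},
    "ge-0/2": {"192.0.2.20", "192.0.2.21"},
    "ge-0/3": {"192.0.2.30"},
}

# Constructed packets as (ingress switchport, claimed source IP).
PACKETS = [
    ("ge-0/1", "192.0.2.10"),    # customer using its own address
    ("ge-0/1", "192.0.2.20"),    # customer using a neighbour's address
    ("ge-0/2", "192.0.2.21"),    # customer using its second address
    ("ge-0/3", "198.51.100.7"),  # source outside the colo subnet
    ("ge-0/9", "192.0.2.30"),    # port with no binding at all
]

def router_level_permits(src):
    """Filter at the L3 interface: any source inside the subnet passes."""
    return ipaddress.ip_address(src) in COLO_SUBNET

def switchport_permits(port, src):
    """Filter at the access port: only addresses bound to this port pass."""
    allowed = {ipaddress.ip_address(a) for a in PORT_BINDINGS.get(port, ())}
    return ipaddress.ip_address(src) in allowed

def classify(packets):
    """Return (port, src, router_verdict, switchport_verdict) per packet."""
    return [(p, s, router_level_permits(s), switchport_permits(p, s))
            for p, s in packets]

def missed_by_router(packets):
    """Packets the router-level filter forwards but the port filter drops."""
    return [(p, s) for p, s, at_router, at_port in classify(packets)
            if at_router and not at_port]

if __name__ == "__main__":
    for port, src, at_router, at_port in classify(PACKETS):
        print(f"{port:7} {src:15} router={'pass' if at_router else 'drop'} "
              f"switchport={'pass' if at_port else 'drop'}")
    print("forwarded by router-only filtering:", missed_by_router(PACKETS))
```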


