While the cat is away, the mice will play

jlewis at lewis.org
Tue Feb 12 03:24:47 UTC 2002


It seems someone from bestweb.net is rebroadcasting several-day-old nanog
posts back to the list.

I've gotten more than a dozen just now, and they're still coming in.
They're also generating new message ids, so my dupe filter isn't catching
them.

-- 
----------------------------------------------------------------------
 Jon Lewis *jlewis at lewis.org*|  I route
 System Administrator        |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________

---------- Forwarded message ----------
Return-Path: <owner-nanog at merit.edu>
Received: from mailhost.mmaero.com (mailhost.mmaero.com [208.152.224.3])
	by redhat1.mmaero.com (8.11.6/8.9.3) with ESMTP id g1C3JZ726973
	for <jlewis at redhat1.mmaero.com>; Mon, 11 Feb 2002 22:19:35 -0500
Received: from trapdoor.merit.edu (trapdoor.merit.edu [198.108.1.26])
	by mailhost.mmaero.com (8.11.2/8.11.2) with ESMTP id g1C3JUY13667
	for <jlewis at lewis.org>; Mon, 11 Feb 2002 22:19:30 -0500
Received: by trapdoor.merit.edu (Postfix)
	id 22AF691317; Mon, 11 Feb 2002 21:45:34 -0500 (EST)
Delivered-To: nanog-outgoing at trapdoor.merit.edu
Received: by trapdoor.merit.edu (Postfix, from userid 56)
	id 5FF03912CE; Mon, 11 Feb 2002 21:24:04 -0500 (EST)
Delivered-To: nanog at trapdoor.merit.edu
Received: from segue.merit.edu (segue.merit.edu [198.108.1.41])
	by trapdoor.merit.edu (Postfix) with ESMTP id A8AB591273
	for <nanog at trapdoor.merit.edu>; Mon, 11 Feb 2002 21:16:55 -0500 (EST)
Received: by segue.merit.edu (Postfix)
	id 83D395DDA5; Mon, 11 Feb 2002 21:16:55 -0500 (EST)
Delivered-To: nanog at merit.edu
Received: from newman2.bestweb.net (newman2.bestweb.net [209.94.102.67])
	by segue.merit.edu (Postfix) with ESMTP id 5B3F95DD92
	for <nanog at merit.edu>; Mon, 11 Feb 2002 21:16:55 -0500 (EST)
Received: from okeeffe.bestweb.net (okeefe.bestweb.net [209.94.100.110])
	by newman2.bestweb.net (Postfix) with ESMTP
	id 9EB762317F; Mon, 11 Feb 2002 21:17:11 -0500 (EST)
Received: by okeeffe.bestweb.net (Postfix, from userid 0)
	id 61CB39EFBC; Mon, 11 Feb 2002 21:12:09 -0500 (EST)
Reply-To: <deepak at ai.net>
From: "Deepak Jain" <deepak at ai.net>
To: "David McGaugh" <david_mcgaugh at eli.net>, <nanog at merit.edu>
Subject: RE: Ethernet EP - MAC Address Filtering
Date: Fri, 8 Feb 2002 15:50:02 -0500
Message-Id: <20020212021209.61CB39EFBC at okeeffe.bestweb.net>
Sender: owner-nanog at merit.edu
Precedence: bulk
Errors-To: owner-nanog-outgoing at merit.edu
X-Loop: nanog





-----Original Message-----
From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu]On Behalf Of
David McGaugh
Sent: Friday, February 08, 2002 3:18 PM
To: nanog at merit.edu
Subject: Ethernet EP - MAC Address Filtering


Just curious if anyone is performing MAC Address Filtering at any of
the Ethernet Exchange Points. If so, has it been found to be easy to
administer or difficult, whereby peers may be changing Layer 3 devices
or Interfaces without notice? Alternately, is MAC Address Filtering
considered an unneeded security measure?

Thanks,
Dave

----

Speaking of this, is MAC Address filtering [at an IX] really designed to
eliminate the possibility of new hardware showing up on the port or is it
more the idea of keeping lots of boxes from showing up directly [like
hanging another switch off the port]. If it's the latter, a seemingly
sensible approach would be to limit the number of unique MAC addresses to
like 2-4 per port.

This way you can change your equipment without prior notice, but you can't
(as easily) violate the integrity of the switching fabric.

I know for our network ports we limit to no more than 2 unique MACs in a
certain time period [~5 minutes or so] which again, allows swapping of
equipment without compromising anything that MAC layer filtering is supposed
to protect.

Deepak Jain
AiNET
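
The rebroadcast copy shown in the forwarded headers keeps the original From, Subject and Date but carries a freshly generated Message-Id, which is why a filter keyed on Message-Id misses it. The sketch below is an added example, not part of the original post or any filter mentioned in it: it fingerprints the fields a relay normally leaves alone. The sample messages, addresses and host names are constructed.

```python
import email
import hashlib
import re

def body_text(msg):
    """Return the first text/plain part, decoded to str."""
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            raw = part.get_payload(decode=True) or b""
            return raw.decode(part.get_content_charset() or "utf-8", "replace")
    return ""

def fingerprint(raw_message):
    """Hash From, Subject, Date and body; ignore Message-Id and Received."""
    msg = email.message_from_string(raw_message)
    fields = [(msg.get(h) or "").strip().lower() for h in ("From", "Subject", "Date")]
    # Collapse whitespace so re-wrapping by a relay does not change the hash.
    fields.append(re.sub(r"\s+", " ", body_text(msg)).strip())
    return hashlib.sha256("\x00".join(fields).encode("utf-8")).hexdigest()

class DupeFilter:
    """Remembers fingerprints of messages already seen."""
    def __init__(self):
        self.seen = set()

    def is_duplicate(self, raw_message):
        fp = fingerprint(raw_message)
        if fp in self.seen:
            return True
        self.seen.add(fp)
        return False

# Constructed sample messages (addresses, hosts and ids are made up).
TEMPLATE = (
    "Received: by {relay} (Postfix)\n"
    'From: "A. Poster" <poster@example.org>\n'
    "To: <list@example.net>\n"
    "Subject: {subject}\n"
    "Date: Fri, 8 Feb 2002 15:50:02 -0500\n"
    "Message-Id: <{mid}>\n"
    "\n"
    "{body}\n"
)
SUBJECT = "RE: Ethernet EP - MAC Address Filtering"
ORIGINAL = TEMPLATE.format(relay="list.example.net", mid="orig-1@example.org",
                           subject=SUBJECT, body="Limit each port to a few MACs.")
# Same content replayed days later: new relay hop, new Message-Id, stray whitespace.
REPLAY = TEMPLATE.format(relay="relay.example.com", mid="replay-9@relay.example.com",
                         subject=SUBJECT, body="Limit each port to a few MACs.  \n")
OTHER = TEMPLATE.format(relay="list.example.net", mid="orig-2@example.org",
                        subject="Unrelated thread", body="A different post.")
```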







