Interesting new spam technique - getting a lot more popular.
Chris Edwards
chris at eng.gla.ac.uk
Wed Jun 14 10:30:25 UTC 2006
On Wed, 14 Jun 2006, Christopher L. Morrow wrote:
| how about just mac security on switch ports? limit the number of mac's at
| each port to 1 or some number 'valid' ?
Hi,
Just to be clear, simple L2 mac security doesn't help here.
This attack (arp spoofing on a shared subnet) does not involve more than
one mac per switch port. Nor are there any changes in switch port / mac
associations.
You need to watch at the higher layers (arp, ip).
Cheers
--
Chris Edwards, Glasgow University Computing Service
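
The point made in this message, shown as an added example that is not part of the original post: over constructed ARP observations, the two L2 checks (MACs per port, MAC moving between ports) stay silent while an IP-to-MAC binding check at the ARP layer flags the conflict. The record layout, port names, addresses and function names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample of ARP replies seen on one shared subnet:
# (switch_port, ethernet_source_mac, arp_sender_ip, arp_sender_mac)
# Addresses come from documentation ranges; nothing here is real traffic.
SAMPLE_ARP = [
    ("Gi0/1", "00:00:5e:00:53:01", "192.0.2.1",  "00:00:5e:00:53:01"),  # gateway
    ("Gi0/2", "00:00:5e:00:53:02", "192.0.2.10", "00:00:5e:00:53:02"),  # host A
    ("Gi0/3", "00:00:5e:00:53:03", "192.0.2.11", "00:00:5e:00:53:03"),  # host B
    ("Gi0/3", "00:00:5e:00:53:03", "192.0.2.1",  "00:00:5e:00:53:03"),  # host B claims gateway IP
]

def port_security_violations(frames, max_macs=1):
    """L2 view: ports on which more than max_macs source MACs were seen."""
    macs = defaultdict(set)
    for port, src_mac, _ip, _sender_mac in frames:
        macs[port].add(src_mac)
    return {p: sorted(m) for p, m in macs.items() if len(m) > max_macs}

def mac_moves(frames):
    """L2 view: source MACs that appeared on more than one switch port."""
    ports = defaultdict(set)
    for port, src_mac, _ip, _sender_mac in frames:
        ports[src_mac].add(port)
    return {m: sorted(p) for m, p in ports.items() if len(p) > 1}

def arp_binding_conflicts(frames):
    """ARP/IP view: an IP announced with a MAC different from the first one seen."""
    first_seen = {}
    conflicts = []
    for port, _src_mac, ip, sender_mac in frames:
        known_mac, _known_port = first_seen.setdefault(ip, (sender_mac, port))
        if known_mac != sender_mac:
            conflicts.append({"ip": ip, "first_mac": known_mac,
                              "new_mac": sender_mac, "port": port})
    return conflicts

if __name__ == "__main__":
    print("port-security violations:", port_security_violations(SAMPLE_ARP))
    print("mac moves:", mac_moves(SAMPLE_ARP))
    print("arp binding conflicts:", arp_binding_conflicts(SAMPLE_ARP))
```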