Interesting new spam technique - getting a lot more popular.
Florian Weimer
fw at deneb.enyo.de
Wed Jun 14 15:49:15 UTC 2006
* Christopher L. Morrow:
> On Wed, 14 Jun 2006, Suresh Ramasubramanian wrote:
>>
>> http://thespamdiaries.blogspot.com/2006/02/new-host-cloaking-technique-used-by.html
>>
>> * Monitor your local network for interfaces transmitting ARP
>> responses they shouldn't be.
>
> how about just mac security on switch ports? limit the number of mac's at
> each port to 1 or some number 'valid' ?
The attack is not visible at layer 2, so this won't help. You need
static ARP tables on relevant hosts, but even that is only a stopgag
measure. Better invest into one (virtual) router port per customer
host. 8-/
More information about the NANOG
mailing list