Interesting new spam technique - getting a lot more popular.

• Previous message (by thread): Interesting new spam technique - getting a lot more popular.
• Next message (by thread): WSJ: Big tech firms seeking power
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Has anyone considered using sFlow to detect this type of bad behavior? Many
layer 2 switches vendors mentioned in the discussion support sFlow (see
http://www.sflow.org/products/network.php for a list).

sFlow operates at layer 2 (think of it as a kind of remote sampled mirror
port capability that lets you capture the first 128 bytes of Ethernet frames
from every l2/l3 switch port in the data center). Information that you could
get from sFlow that is relevant to the discussion include: ingress switch
port, source and destination mac addresses, vlans, ip addresses, ARP targets
and senders, layer 4 protocol and ports.

Peter

• Previous message (by thread): Interesting new spam technique - getting a lot more popular.
• Next message (by thread): WSJ: Big tech firms seeking power
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]