nanog mailing list archives
While the cat is away, the mice will play
From: <jlewis () lewis org>
Date: Mon, 11 Feb 2002 22:24:47 -0500 (EST)
It seems someone from bestweb.net is rebroadcasting several day old nanog posts back to the list. I've gotten more than a dozen just now, and they're still coming in. They're also generating new message ids, so my dupe filter isn't catching them. -- ---------------------------------------------------------------------- Jon Lewis *jlewis () lewis org*| I route System Administrator | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________ ---------- Forwarded message ---------- Return-Path: <owner-nanog () merit edu> Received: from mailhost.mmaero.com (mailhost.mmaero.com [208.152.224.3]) by redhat1.mmaero.com (8.11.6/8.9.3) with ESMTP id g1C3JZ726973 for <jlewis () redhat1 mmaero com>; Mon, 11 Feb 2002 22:19:35 -0500 Received: from trapdoor.merit.edu (trapdoor.merit.edu [198.108.1.26]) by mailhost.mmaero.com (8.11.2/8.11.2) with ESMTP id g1C3JUY13667 for <jlewis () lewis org>; Mon, 11 Feb 2002 22:19:30 -0500 Received: by trapdoor.merit.edu (Postfix) id 22AF691317; Mon, 11 Feb 2002 21:45:34 -0500 (EST) Delivered-To: nanog-outgoing () trapdoor merit edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id 5FF03912CE; Mon, 11 Feb 2002 21:24:04 -0500 (EST) Delivered-To: nanog () trapdoor merit edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id A8AB591273 for <nanog () trapdoor merit edu>; Mon, 11 Feb 2002 21:16:55 -0500 (EST) Received: by segue.merit.edu (Postfix) id 83D395DDA5; Mon, 11 Feb 2002 21:16:55 -0500 (EST) Delivered-To: nanog () merit edu Received: from newman2.bestweb.net (newman2.bestweb.net [209.94.102.67]) by segue.merit.edu (Postfix) with ESMTP id 5B3F95DD92 for <nanog () merit edu>; Mon, 11 Feb 2002 21:16:55 -0500 (EST) Received: from okeeffe.bestweb.net (okeefe.bestweb.net [209.94.100.110]) by newman2.bestweb.net (Postfix) with ESMTP id 9EB762317F; Mon, 11 Feb 2002 21:17:11 -0500 (EST) Received: by okeeffe.bestweb.net (Postfix, from userid 0) id 61CB39EFBC; Mon, 11 Feb 2002 21:12:09 -0500 (EST) Reply-To: <deepak () ai net> From: "Deepak Jain" <deepak () ai net> To: "David McGaugh" <david_mcgaugh () eli net>, <nanog () merit edu> Subject: RE: Ethernet EP - MAC Address Filtering Date: Fri, 8 Feb 2002 15:50:02 -0500 Message-Id: <20020212021209.61CB39EFBC () okeeffe bestweb net> Sender: owner-nanog () merit edu Precedence: bulk Errors-To: owner-nanog-outgoing () merit edu X-Loop: nanog -----Original Message----- From: owner-nanog () merit edu [mailto:owner-nanog () merit edu]On Behalf Of David McGaugh Sent: Friday, February 08, 2002 3:18 PM To: nanog () merit edu Subject: Ethernet EP - MAC Address Filtering Just curious if anyone is performing MAC Address Filtering at any of the Ethernet Exchange Points. If so has it been found to be easy to administer or difficult where by peers may be changing Layer 3 devices or Interfaces without notice? Alternately is MAC Address Filtering considered an unneeded security measure? Thanks, Dave ---- Speaking of this, is MAC Address filtering [at an IX] really designed to eliminate the possibility of new hardware showing up on the port or is it more the idea of keeping lots of boxes from showing up directly [like hanging another switch off the port]. If its the latter, a seemingly sensible approach would be to limit the number of unique MAC addresses to like 2-4 per port. This way you can change your equipment without prior notice, but you can't (as easily) violate the integrity of the switching fabric. I know for our network ports we limit to no more than 2 unique MACs in a certain time period [~5 minutes or so] which again, allows swapping of equipment without compromising anything that MAC layer filtering is supposed to protect. Deepak Jain AiNET
Current thread:
- While the cat is away, the mice will play jlewis (Feb 11)