nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: sniffer/promisc detector

From: "E.B. Dreger" <eddy+public+spam () noc everquick net>
Date: Mon, 19 Jan 2004 06:18:17 +0000 (GMT)

DJ> Date: Sat, 17 Jan 2004 14:57:19 -0500
DJ> From: Deepak Jain


DJ> I know most people don't take the time to hard code their
DJ> MACs onto their switch ports, but it really only takes a few
DJ> seconds per switch with a little cutting & pasting -- as
DJ> customer switches a network port, they just need to open a
DJ> ticket to have the address changed.

In the same vein, hardcoded router ARP entries in router configs
also help.  Yes, spoofed gratuitous ARP packets are detectable,
but they can still cause trouble.


Eddy
--
Brotsman & Dreger, Inc. - EverQuick Internet Division
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 785 865 5885 Lawrence and [inter]national
Phone: +1 316 794 8922 Wichita
_________________________________________________________________
          DO NOT send mail to the following addresses :
  blacklist () brics com -or- alfra () intc net -or- curbjmp () intc net
Sending mail to spambait addresses is a great way to get blocked.
Previous By Date Next
Previous By Thread Next

Current thread: