nanog mailing list archives

Re: Security problem in PPPoE connection

From: Joe Maimon <jmaimon () ttec com>
Date: Sun, 12 Mar 2006 14:40:40 -0500




Joe Shen wrote:

Hi,

We are facing problem with PPPoE in ethernet access

network.

To provide high speed access, 10Mbps/100Mbps ethernet
is used as access method. But, we found some guy
'steal' some other's account by listening to
broadcasting packets, and they also set up 'phishing'
PPPoE server to catch those PPPoE authentication

packets.


Well you need to do a few things

-- Terminate access to the miscreants
-- Implement features like private-vlans

-- Otherwise prevent ports from communicating between eachothers exceptthrough your authorized PPPoE server. MAC access lists may provide somehelp with that. You will need to examine exactly what your L2 switchessupport.

Current thread:

Security problem in PPPoE connection Joe Shen (Mar 11)
- Re: Security problem in PPPoE connection Peter Dambier (Mar 12)
  - Re: Security problem in PPPoE connection Florian Weimer (Mar 12)
- Re: Security problem in PPPoE connection Niels Bakker (Mar 12)
  - Re: Security problem in PPPoE connection Joe Shen (Mar 12)
    - Re: Security problem in PPPoE connection Sean Donelan (Mar 13)
- Re: Security problem in PPPoE connection Florian Weimer (Mar 12)
  - Re: Security problem in PPPoE connection Steven M. Bellovin (Mar 12)
    - Re: Security problem in PPPoE connection Florian Weimer (Mar 12)
- Re: Security problem in PPPoE connection Joe Maimon (Mar 12)