I'm not sure if you deliberately used the word "best" in your initial question ?
Port-sec is the best, but DHCP snooping also plays a part, it covers a corner case where the attacker uses the same Ethernet source MAC but changes the CHADDR address in the DHCP request. I think I might be remembering that from the Yusuf flash cards... Cheers ! On Sun, Feb 20, 2011 at 4:40 AM, Pemasiri Devanarayana <[email protected]>wrote: > Thanks Tyson for your response.. > > > On Sat, Feb 19, 2011 at 7:29 PM, Tyson Scott <[email protected]> wrote: > >> port security >> >> >> >> Regards, >> >> >> >> Tyson Scott - CCIE #13513 R&S, Security, and SP >> Managing Partner / Sr. Instructor - IPexpert, Inc. >> Mailto: [email protected] >> Telephone: +1.810.326.1444, ext. 208 >> Live Assistance, Please visit: www.ipexpert.com/chat >> eFax: +1.810.454.0130 >> >> >> >> IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, >> Audio Tools, Online Hardware Rental and Classroom Training for the Cisco >> CCIE (R&S, Voice, Security & Service Provider) certification(s) with >> training locations throughout the United States, Europe, South Asia and >> Australia. Be sure to visit our online communities at >> www.ipexpert.com/communities and our public website at www.ipexpert.com >> >> >> >> *From:* [email protected] [mailto: >> [email protected]] *On Behalf Of *Pemasiri >> Devanarayana >> *Sent:* Saturday, February 19, 2011 4:39 AM >> *To:* [email protected] >> *Subject:* [OSL | CCIE_Security] DHCP Starvation attack - OEQ >> >> >> >> Hi, >> >> Can some one clarify that which mitigation solution is best for >> DHCP starvation attack.. >> >> >> >> - Port security or the DHCP snooping....? >> >> >> >> thanks >> >> >> >> >> >> >> > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
