On Wed, 14 Jun 2006, Suresh Ramasubramanian wrote:
> That was not my advice btw - just forwarding on what I saw. > oh,. apologies, i did cut the message down quite a bit :( I understood you were quoting from the spamdiaries website, I apologize to the other listeners (readers?) if it confused the issue. > What you say does seem like a "must do" all right - but putting ARP > filters in is actually a reasonable idea. > Atleast it'd trim down the 'problem' to the single customer subnet, I assume that dedicated hosting folks don't just drop machines behind a switch on one big flat subnet? That's probably a naive assumption though :( Perhaps this is clue #12 that that is a 'less than good' option? :) > On 6/14/06, Christopher L. Morrow > <[EMAIL PROTECTED]> wrote: > > > > On Wed, 14 Jun 2006, Suresh Ramasubramanian wrote: > > > > > > http://thespamdiaries.blogspot.com/2006/02/new-host-cloaking-technique-used-by.html > > > > > > * Monitor your local network for interfaces transmitting ARP > > > responses they shouldn't be. > > > > how about just mac security on switch ports? limit the number of mac's at > > each port to 1 or some number 'valid' ? > > > > > -- > Suresh Ramasubramanian ([EMAIL PROTECTED]) >
