On 26/12/2023, 10:03:11, "Christopher Hawker" <[email protected]> wrote:
In my experience dealing with cross-connect LOAs at Equinix SY1/2, SY3, SY4, SY5 and ME1, Equinix have always requested an LoA from the Z-side.
I think it has spread from being an Equinix USA thing to global, we never needed them but over the last few years they have become more common incluging DCs that never used to care. Some required the Z to ack by email which is more secure but held up connections, that LOA replaced email shows how much the
DCs care about the LOA authenticity.
Never heard of an LoA not being required for a cross-connect otherwise, how would they know it's a legit request?
Who cares? Paying money is usually a good enough sign of being legit. What is the worst that can happen? They are paying for a xcon they will never be able to use. I guess they could play minesweeper and hope to hit one that is connected to a live port that is configured in some manner they could leverage. That is an expensive attack and the alerts for new connections going live should be
sufficient to tip off the victim. brandon
