If "paying money is usually a good enough sign of being legit" for the purpose of ordering a cross-connect, then one needs to significantly consider the security and processes of their network and their DC provider's operations. I'd never use a DC provider who would accept cash as proof of a cross-connect request being legitimate.
Further, a DC operator should never be accepting and processing an order for a cross-connect without confirming the request with the Z-side. That's just common netsec process, and I'd be highly surprised if it were not.

Regards,
Christopher Hawker

On Tue, 26 Dec 2023 at 23:44, Brandon Butterworth <[email protected]> wrote:

> On 26/12/2023, 10:03:11, "Christopher Hawker" <[email protected]> wrote:
>
> >In my experience dealing with cross-connect LOAs at Equinix SY1/2, SY3,
> >SY4, SY5 and ME1, Equinix have always requested an LoA from the Z-side.
>
> I think it has spread from being an Equinix USA thing to global, we never
> needed them but over the last few years they have become more common including
> DCs that never used to care. Some required the Z to ack by email which is
> more secure but held up connections, that LOA replaced email shows how much the
> DCs care about the LOA authenticity.
>
> >Never heard of an LoA not being required for a cross-connect otherwise, how
> >would they know it's a legit request?
>
> Who cares? Paying money is usually a good enough sign of being legit. What is
> the worst that can happen? They are paying for a xcon they will never be able
> to use. I guess they could play minesweeper and hope to hit one that is connected
> to a live port that is configured in some manner they could leverage. That is
> an expensive attack and the alerts for new connections going live should be
> sufficient to tip off the victim.
>
> brandon
