North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: IPv6, IPSEC and DoS
On 3-jan-05, at 16:29, J. Oquendo wrote: To prevent ARP or ND spoofing attack you should have L2 switch support to Yes, and that's why you need static MAC forwarding tables too.Funny you should mention this I thought about this but figure the following, regardless of VLAN/PVLAN/ settings, switches still need to build an ARP table If you can then enforce the port->MAC->IP mappings you're pretty much bullet proof. I know there are switches that can handle the port->MAC part. An alternative for the MAC->IP part would be the TCP MD5 option or IPsec.
|