North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Security problem in PPPoE connection
* [email protected] (Joe Shen) [Sun 12 Mar 2006, 07:48 CET]: We are facing problem with PPPoE in ethernet access network.I humbly suggest you re-evaluate your network design, only this time keeping in mind the fundamental nature of Ethernet as a broadcast medium. A commonly used model is to use private VLANs (one per customer) combined with "local-proxy-arp". That may help against password sniffing but won't help against sniffing traffic by an active attacker once the session has been established. Also, you'll have to revisit all CPE to explicitly disable PAP, or an active attacker could still steal the password if he impersonates the real PPPoE server.What's your method to deal with such problem? Will CHAP in PPPoE help? HTH, -- Niels. -- "Calling religion a drug is an insult to drugs everywhere. Religion is more like the placebo of the masses." -- MeFi user boaz
|