27 Feb 2011, 11:35 p.m.
On Feb 28, 2011, at 10:47 AM, Steven Bellovin wrote:
> You really need to look at switch logs for that, even with IPv4: http://www.cs.columbia.edu/~smb/talks/arp-attack.pdf

And flow telemetry, and so forth, yes. With BCP deployment in terms of anti-ARP-spoofing and DHCP snooping/source guard, traceback becomes a whole lot easier.

> Also don't forget privacy-enhanced addresses.

Yes, which have extremely negative opsec connotations in terms of complicating traceback.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>

The basis of optimism is sheer terror.

-- Oscar Wilde