RE: Interesting new spam technique - getting a lot more popular.
15 Jun
2006
15 Jun
'06
2:12 p.m.
Has anyone considered using sFlow to detect this type of bad behavior? Many layer 2 switches vendors mentioned in the discussion support sFlow (see http://www.sflow.org/products/network.php for a list). sFlow operates at layer 2 (think of it as a kind of remote sampled mirror port capability that lets you capture the first 128 bytes of Ethernet frames from every l2/l3 switch port in the data center). Information that you could get from sFlow that is relevant to the discussion include: ingress switch port, source and destination mac addresses, vlans, ip addresses, ARP targets and senders, layer 4 protocol and ports. Peter
6766
Age (days ago)
6766
Last active (days ago)
0 comments
1 participants
participants (1)
-
Peter Phaal