On Feb 28, 2011, at 10:47 AM, Steven Bellovin wrote: > You really need to look at switch logs for that, even with IPv4: > http://www.cs.columbia.edu/~smb/talks/arp-attack.pdf
And flow telemetry, and so forth, yes. With BCP deployment in terms of anti-ARP-spoofing and DCHP snooping/source guard, traceback becomes whole lot easier. > Also don't forget privacy-enhanced addresses. Yes, which have extremely negative opsec connotations in terms of complicating traceback. ----------------------------------------------------------------------- Roland Dobbins <rdobb...@arbor.net> // <http://www.arbornetworks.com> The basis of optimism is sheer terror. -- Oscar Wilde
