Why not use static MAC mappings and turn off arp?
Avi
> I shall learn in future never to post to two lists with similar
> readerships on different issues simultaneously. Following my
> post on NANOG I've now been told by no less than 8 people that
> my cisco-nsp question is not the right way to go about solving
> DOS attacks. I agree completely. That wasn't what I was trying to
> do. FWIW here's what I want to do:
>
> > > We've run out of space in our colocation areas and people
> > > are thus buying our ethernet colocation service and finding their
> > > own space in the building. They can get (say) a Class C for
> > > virtual hosts. I want to stop them plugging in a gated box
> > > and running an etnire network behind it. IE what I want to
> > > make sure is that it only goes to addresses whose MAC addresses
> > > are immediately visible. This seemed like a nice way to do it.
> > > Yes, one joker has tried it.
>
> --
> Alex Bligh
> GX Networks (formerly Xara Networks)
This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:13:16 EDT