[c-nsp] Large networks

Gert Doering gert at greenie.muc.de
Wed Aug 26 09:16:27 EDT 2009


Hi,

On Wed, Aug 26, 2009 at 02:55:22PM +0200, Ivan Pepelnjak wrote:
> > Generally, putting each customer into a dedicated layer 3 
> > network segment is a good idea - because half of the attacks 
> > that a hacked server belonging to "customer 1" might do to a 
> > server from "customer 2" (ARP spoofing, IP address spoofing 
> > [-> blame goes to customer 2], HSRP attacks to the shared 
> > router, etc.) suddenly are no longer relevant at all.
> 
> The only disadvantage of this approach is that you waste up to 75% of the
> address space (assuming you have one server per customer). 

That's what we have IPv6 for :-)

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de