[j-nsp] Logging MAC addresses
Jared Mauch
jared at puck.nether.net
Tue Apr 1 15:40:39 EST 2003
On Tue, Apr 01, 2003 at 09:19:38PM +0200, Hannes Gredler wrote:
> On Tue, Apr 01, 2003 at 05:58:05PM +0200, Arjan Hulsebos wrote:
> | Logging MAC addresses
> |
> | All,
> |
> | We're seeing from time to time spoofed packets hitting the firewall filters.
> | Sometimes at rates where it's becoming a nuisance. Hence, we'd like to know
> | who's sending all this garbage. On a Cisco, there's the log-input keyword.
> | So far, I haven't found the Juniper equivalent of that. Have any of you?
>
> Unfortunately the IO manager ASIC strips away link-layer information,
> so by the time the packets hit the firewalling engine we no longer have
> the source MAC addresses available.
>
> Assuming that it is a non-peer that is causing this, I'd recommend
> turning on MAC address filtering.
Hannes,
It sounds like you're missing the point.
If you are on a public switched exchange, or in your own
network doing hop-by-hop traceback, knowing the MAC address of
the person who sent the packet (or frame) is important, and
something that Juniper has been lacking.
- Jared
--
Jared Mauch | pgp key available via finger from jared at puck.nether.net
clue++; | http://puck.nether.net/~jared/ My statements are only mine.
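The traceback Jared describes, done without router support, as an added example that is not code from the thread, from Juniper or from Cisco: since the firewall filter log carries no link-layer header, capture on the ingress segment with link-layer headers (`tcpdump -e -n`, on a span/mirror port or a host on that segment) and aggregate by source MAC the frames whose IP source address should never arrive on that interface. The capture lines below are constructed samples, and the "never expected here" prefixes and the interface name are assumptions for the example.

```python
"""Attribute spoofed packets to the Ethernet source MAC that carried them.

Added example, not from the juniper-nsp thread. It assumes a capture taken
with link-layer headers on the ingress segment, e.g.
    tcpdump -e -n -i fxp1 'net 10.0.0.0/8 or net 192.168.0.0/16'
(interface name and prefixes are assumptions), because a Junos firewall
filter log entry has no source MAC to show.
"""
import ipaddress
import re
from collections import Counter, defaultdict

# Shape of one `tcpdump -e -n` line (Linux/BSD print slightly different
# trailers, but the leading MAC/ethertype/IP part is stable):
#   <ts> <smac> > <dmac>, ethertype IPv4 (0x0800), length N: <sip>[.port] > <dip>[.port]: ...
MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
LINE_RE = re.compile(
    rf"^(?P<ts>\S+)\s+(?P<smac>{MAC})\s+>\s+(?P<dmac>{MAC}),\s+"
    r"ethertype IPv4 \(0x0800\),\s+length \d+:\s+"
    r"(?P<sip>\d+\.\d+\.\d+\.\d+)(?:\.\d+)?\s+>\s+"
    r"(?P<dip>\d+\.\d+\.\d+\.\d+)(?:\.\d+)?",
    re.IGNORECASE,
)

# Constructed sample capture (not a real trace). Two MACs on the segment;
# 00:11:22:33:44:55 is the one spraying RFC1918-sourced packets.
SAMPLE_CAPTURE = [
    "15:40:39.101234 00:11:22:33:44:55 > 00:aa:bb:cc:dd:ee, ethertype IPv4 (0x0800), length 60: 10.1.2.3.40001 > 203.0.113.10.80: Flags [S], seq 1, win 512, length 0",
    "15:40:39.101300 00:11:22:33:44:55 > 00:aa:bb:cc:dd:ee, ethertype IPv4 (0x0800), length 60: 10.9.8.7.40002 > 203.0.113.10.80: Flags [S], seq 1, win 512, length 0",
    "15:40:39.101400 00:11:22:33:44:55 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 198.51.100.1 tell 198.51.100.7, length 28",
    "15:40:39.101500 00:22:33:44:55:66 > 00:aa:bb:cc:dd:ee, ethertype IPv4 (0x0800), length 84: 198.51.100.20 > 203.0.113.10: ICMP echo request, id 1, seq 1, length 64",
    "15:40:39.101600 00:22:33:44:55:66 > 00:aa:bb:cc:dd:ee, ethertype IPv4 (0x0800), length 60: 192.168.0.5.40003 > 203.0.113.10.80: Flags [S], seq 1, win 512, length 0",
    "15:40:39.101700 00:11:22:33:44:55 > 00:aa:bb:cc:dd:ee, ethertype IPv4 (0x0800), length 84: 10.1.2.3 > 203.0.113.10: ICMP echo request, id 2, seq 1, length 64",
    "15:40:39.101800 00:22:33:44:55:66 > 00:aa:bb:cc:dd:ee, ethertype IPv4 (0x0800), length 60: 198.51.100.21.40004 > 203.0.113.10.22: Flags [S], seq 1, win 512, length 0",
]

# Prefixes that must never be a *source* on this ingress interface
# (assumption for the example: RFC1918 space arriving from an exchange peer).
NEVER_EXPECTED_SOURCES = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]


def parse_frame(line):
    """Return the MAC/IP fields of one tcpdump -e line, or None for non-IPv4 frames."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def spoofed_by_mac(lines, never_expected=NEVER_EXPECTED_SOURCES):
    """Count frames per source MAC whose IP source lies in a never-expected prefix.

    Returns (counts, sources): counts maps source MAC -> number of offending
    frames; sources maps source MAC -> set of spoofed source IPs it used.
    """
    nets = [ipaddress.ip_network(p) for p in never_expected]
    counts = Counter()
    sources = defaultdict(set)
    for line in lines:
        frame = parse_frame(line)
        if frame is None:  # ARP, IPv6, truncated lines: nothing to attribute
            continue
        sip = ipaddress.ip_address(frame["sip"])
        if any(sip in net for net in nets):
            counts[frame["smac"]] += 1
            sources[frame["smac"]].add(frame["sip"])
    return counts, sources


def report(counts, sources):
    """Worst offender first: 'mac frames=N sources=a,b,...' per MAC."""
    return [
        f"{mac} frames={n} sources={','.join(sorted(sources[mac]))}"
        for mac, n in counts.most_common()
    ]


if __name__ == "__main__":
    for line in report(*spoofed_by_mac(SAMPLE_CAPTURE)):
        print(line)
```

With the MAC in hand you look it up in the switch's forwarding table (or the exchange's port/MAC mapping) to get the physical port, which is the hop-by-hop step the router log alone cannot give you. Frames that are not IPv4 (the ARP line above) are skipped rather than miscounted, and a source MAC that only ever carries addresses from its expected range never appears in the report.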