[NCLUG] Egress Filtering
Sean Reifschneider
jafo-nclug at tummy.com
Wed Aug 15 16:43:53 MDT 2001
On Tue, Aug 14, 2001 at 03:15:10AM -0600, John L. Bass wrote:
>Last time I checked - installing a network monitor on a subnet
>was mostly passive, and impacts network design/architecture pretty
>minimally. Especially when the monitor is a workstation PC type device
Ok, where do you set up a monitor pod to catch these things? You put it on
the core switch on a port with monitoring enabled? At that point you get a
packet that says it's from 10.1 -- what good is that? Best-case is that
you may know what router it came from via the hardware-level address if
your logging system dumps that. If not, all you know is that *SOMONE* is
using it, so how do you complain to them?
If you have the MAC address, all you know is what router was sending them.
Most places don't have a router for every DSL connection though, so...
Sean
--
"The big bad wolf, he learned the rule. You gotta get hot to play real cool."
Sean Reifschneider, Inimitably Superfluous <jafo at tummy.com>
tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
More information about the NCLUG
mailing list