customers and web servers and level one naps

I know we do, Michael. And I have "their" answer. But they may not have
the same experiences you did.

> > Have you had much experience, having the servers connect directly on to a
> > level-2 device like a FDDI-to Ethernet (e.g. catalyst) connector ? and it
> > security implications ?

It's not a matter of experience. It's a matter of what a level-2 device is
and how it normally works. There is no security at level 2.

Therefore, you should only connect trusted pieces of equipment to a
level-2 media unless it is being used as a point-to-point media. Let's use
Ethernet as an example. If you connect a customer web server to an
Ethernet then they can sniff any traffic that goes by and possibly do
nasty things like spoofing. Even if they would never do such a thing they
may be hacked by somebody who would do such a thing. So it is not a good
idea to share a level 2 media in this way.

The MAEs are switches. Unless you are sending super secret BROADCAST
traffic the security implications you are mentioning are non-existent.

Justin Newton
Internet Architect
Erol's Internet Services

What about people hacking MAC addresses or screwing around with ARP and
BOOTP? He was asking about attaching a customer web server to the exchange
so presumably anything could be done on that box.

Michael Dillon - ISP & Internet Consulting
Memra Software Inc. - Fax: +1-604-546-3049 - E-mail:
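
The MAC and ARP concern raised in this thread can be watched for from the switch side. The following is an added example, not part of the original messages: a minimal audit of observed ARP senders that flags an IP address changing its MAC and a MAC address appearing on a different port. The record format, port numbers and all addresses are constructed for illustration.

```python
from collections import namedtuple

# One observed ARP packet: arrival time, switch port it entered on, and the
# sender IP/MAC it claims. This record format is an assumption of the example.
Obs = namedtuple("Obs", "ts port ip mac")

# Constructed sample: a router (port 1), a peer (port 2) and a customer web
# server (port 7) that later claims the router's IP and then the peer's MAC.
SAMPLE = [
    Obs(1, 1, "192.0.2.1", "00:00:0c:aa:aa:01"),
    Obs(2, 2, "192.0.2.2", "00:00:0c:bb:bb:02"),
    Obs(3, 7, "192.0.2.50", "08:00:20:cc:cc:03"),
    Obs(4, 7, "192.0.2.1", "08:00:20:cc:cc:03"),   # router's IP claimed from port 7
    Obs(5, 7, "192.0.2.50", "00:00:0c:bb:bb:02"),  # peer's MAC used on port 7
    Obs(6, 1, "192.0.2.1", "00:00:0c:aa:aa:01"),   # real router announces again
]


def audit(observations):
    """Return a list of (ts, kind, detail) alerts.

    The first binding seen for an IP or a MAC is kept as the baseline
    (trust on first use); later observations that contradict it are flagged
    and do not replace the baseline.
    """
    ip_to_mac = {}
    mac_to_port = {}
    alerts = []
    for o in sorted(observations, key=lambda o: o.ts):
        mac = o.mac.lower()
        known_mac = ip_to_mac.setdefault(o.ip, mac)
        if known_mac != mac:
            alerts.append((o.ts, "ip-rebind",
                           f"{o.ip} was {known_mac}, now {mac} on port {o.port}"))
        known_port = mac_to_port.setdefault(mac, o.port)
        if known_port != o.port:
            alerts.append((o.ts, "mac-moved",
                           f"{mac} was on port {known_port}, now port {o.port}"))
    return alerts


if __name__ == "__main__":
    for ts, kind, detail in audit(SAMPLE):
        print(ts, kind, detail)
```

Because the baseline is whatever was seen first, it should be seeded from a known-good inventory of attached equipment rather than learned from live traffic.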