From: Krucker, Louis (louis.krucker@xxxxxxxxxxx)
Date: Fri Aug 09 2002 - 18:09:04 GMT-3
smile:-))
I think the idea with the access-list is the best solution to protect
against such incidents.
A few weeks ago I had a similar incident with one of my customers. He
complained about slow performance on his frame-relay WAN (20 sites).
When I checked the statistics I saw that the link on the hub site and one
spoke site was heavily overloaded. Finally, some user had installed a rule in
Outlook to forward all emails to her private external mail account, but she
also forwarded from her private account to her office mailbox, without any
size limitation; he he, all of you can imagine what happened. Every time
the mail was sent again the size of the mail increased a little bit, and at the
end (3 days) some huge mail traffic was traversing the link to the hub
site and blocking other traffic. Finally, after three days she went back to the
office and opened her mailbox; she got 70 000 mails in her inbox.
We can implement any solution; there will always be some user who finds a way
to go around it.
cheers
Louis
-----Original Message-----
From: Colin Barber
To: ccielab@groupstudy.com
Sent: 09.08.2002 21:22
Subject: OT: Protecting default gateway ip address
Hi Guys,
Sorry for the OT. Today at work some bright spark got the ip address and
default gateway the wrong way round on a Unix box in our data centre and
took down the whole subnet; just 200 systems and 8000 users not able to
communicate!
Has anybody got any ideas on the best way to protect the default gateway ip
address from misconfiguration? The device is a 300 port 6509 with the
default gateway being the internal MSFCs. The only way I can think of is
using native IOS on the cat and applying an input access list denying the
source ip address of the default gateway on all 300 Ethernet ports. I know
the MSFCs can wire-speed route ip and standard and extended access lists, but
does the first packet still need to be process switched? Whatever solution
I use, it cannot affect performance of the router, switch or the clients.
Regards,
Colin
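Added example, not part of the original thread and not the access-list approach proposed in it: a host that is given the gateway's address announces that address as the sender in its ARP packets, so a passive monitor can flag the mistake by checking which MACs claim the gateway IP. The gateway IP, the router MAC, the function names and the sample frames below are all assumptions constructed for illustration.

```python
import socket
import struct

# Assumed values for illustration (documentation ranges, not from the thread).
GATEWAY_IP = "192.0.2.1"
ROUTER_MACS = {"00:00:5e:00:53:01"}  # MACs allowed to speak for the gateway


def parse_arp(frame):
    """Return (sender_mac, sender_ip, opcode) for an Ethernet II IPv4 ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":  # EtherType 0x0806 = ARP
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha = frame[22:28]
    mac = ":".join(f"{b:02x}" for b in sha)
    return mac, socket.inet_ntoa(frame[28:32]), oper


def find_gateway_impostors(frames, gateway_ip=GATEWAY_IP, router_macs=ROUTER_MACS):
    """List MACs that use gateway_ip as ARP sender address but are not known router MACs."""
    impostors = []
    for parsed in filter(None, map(parse_arp, frames)):
        mac, ip, _oper = parsed
        if ip == gateway_ip and mac not in router_macs and mac not in impostors:
            impostors.append(mac)
    return impostors


def build_arp(sender_mac, sender_ip, target_ip, oper=1):
    """Construct a broadcast ARP frame (sample data only)."""
    sha = bytes.fromhex(sender_mac.replace(":", ""))
    eth = b"\xff" * 6 + sha + b"\x08\x06"
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
    arp += sha + socket.inet_aton(sender_ip) + b"\x00" * 6 + socket.inet_aton(target_ip)
    return eth + arp


# Constructed sample traffic: the router, a normal host, a misconfigured host.
SAMPLE = [
    build_arp("00:00:5e:00:53:01", "192.0.2.1", "192.0.2.50"),
    build_arp("00:00:5e:00:53:aa", "192.0.2.50", "192.0.2.1"),
    build_arp("00:00:5e:00:53:bb", "192.0.2.1", "192.0.2.1"),  # gratuitous ARP for gateway IP
]

if __name__ == "__main__":
    print(find_gateway_impostors(SAMPLE))
```

This only detects the conflict after the first ARP packet from the misconfigured host has been seen; it does not stop other hosts from caching the wrong MAC.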
This archive was generated by hypermail 2.1.4 : Sat Sep 07 2002 - 19:48:22 GMT-3