How to break a network.

From: Michael Snyder (msnyder@wk.net)
Date: Mon Nov 24 2003 - 00:27:32 GMT-3


I had a real world experience to share.

Testing out IDS, I found a lot of spoofed traffic on a client's network.

I believe it was one of the newer worms out at the time. I had a tech
tracking down the infected machines.

I noticed that a lot of the traffic was neither sourced nor destined for
the network I was on, and it wasn't on a transit network!

So, I figure I can take care of that, and threw a VLAN filter on the
switch.

Where a.b.c.d = client's network.

Permit ip a.b.c.d 0.0.0.255 any
Permit ip any a.b.c.d 0.0.0.255

Get a call the next day. Network is broke.

Can anyone guess what I broke?

Continued on next email.

Michael Snyder
Lead Network Engineer
CCDP, CCSP, MCSE NT/2000
Revolution Computer Systems
(270) 443-7400


