RE: blocking packets from compromised server

From: Lupi, Guy (Guy.Lupi@eurekanetworks.net)
Date: Wed May 25 2005 - 17:10:19 GMT-3

• Next message: James Matrisciano: "RE: blocking packets from compromised server"
• Previous message: John Matus: "blocking packets from compromised server"
• Maybe in reply to: John Matus: "blocking packets from compromised server"
• Next in thread: James Matrisciano: "RE: blocking packets from compromised server"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Is the compromised box spoofing the source IP address?

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of John
Matus
Sent: Wednesday, May 25, 2005 4:07 PM
To: ccielab@groupstudy.com
Subject: blocking packets from compromised server

i know that you can block traffice from a compromised server w/ "swtichport
block unicast/multicast", but how would you stop a router from intercepting
these if you did not use the above config? what kind of attack would this
be called?

• Next message: James Matrisciano: "RE: blocking packets from compromised server"
• Previous message: John Matus: "blocking packets from compromised server"
• Maybe in reply to: John Matus: "blocking packets from compromised server"
• Next in thread: James Matrisciano: "RE: blocking packets from compromised server"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Jun 03 2005 - 10:12:02 GMT-3