From: John Matus (john_matus@hotmail.com)
Date: Wed May 25 2005 - 18:47:17 GMT-3
The compromised server is sending out random unicast and multicast
packets... This is just an "internetwork expert" lab question... not
overly explicit.
>From: "Lupi, Guy" <Guy.Lupi@eurekanetworks.net>
>To: 'John Matus' <john_matus@hotmail.com>, ccielab@groupstudy.com
>Subject: RE: blocking packets from compromised server
>Date: Wed, 25 May 2005 16:10:19 -0400
>
>Is the compromised box spoofing the source IP address?
>
>-----Original Message-----
>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of John Matus
>Sent: Wednesday, May 25, 2005 4:07 PM
>To: ccielab@groupstudy.com
>Subject: blocking packets from compromised server
>
>I know that you can block traffic from a compromised server w/ "switchport
>block unicast/multicast", but how would you stop a router from intercepting
>these if you did not use the above config? What kind of attack would this
>be called?
This archive was generated by hypermail 2.1.4 : Fri Jun 03 2005 - 10:12:02 GMT-3