Re: blocking packets from compromised server

From: John Matus (john_matus@hotmail.com)
Date: Wed May 25 2005 - 20:52:52 GMT-3

• Next message: Long Kwok: "v2 Cisco network modules and cards"
• Previous message: eb3613@sbc.com: "Traffic Shaping"
• Maybe in reply to: John Matus: "blocking packets from compromised server"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

the basic answer would be to configure "switchport block unicast/mullitcast"
on the 3550 (at least this is the IE answer to that question). switchport
protected would stop any and all communication between devices in the same
vlan.........but i seem to remember a task where you had to stop this
traffic but you were not allowed to do it on the switch, so it was a router
feature......
does anyone else remember this?

>From: Ed Lui <edwlui@gmail.com>
>Reply-To: Ed Lui <edwlui@gmail.com>
>To: John Matus <john_matus@hotmail.com>
>CC: ccielab@groupstudy.com
>Subject: Re: blocking packets from compromised server
>Date: Wed, 25 May 2005 14:58:17 -0700
>
>John,
>
>I am not quite sure if I understand the question correctly. If you
>want to stop the compromised server sending out those packets to
>others within or out of the segment. I would use either storm
>control(preferred) or protected port feature. Would you let me know
>what is the answer from the workbook?
>
>Thanks,
>Ed Lui
>
>On 5/25/05, John Matus <john_matus@hotmail.com> wrote:
> > the compromised server is sending out random unicast and multicast
> > packets.... this is just an "internetwork expert" lab question....not
> > overly explicit.
> >
> > >From: "Lupi, Guy" <Guy.Lupi@eurekanetworks.net>
> > >To: 'John Matus' <john_matus@hotmail.com>, ccielab@groupstudy.com
> > >Subject: RE: blocking packets from compromised server
> > >Date: Wed, 25 May 2005 16:10:19 -0400
> > >
> > >Is the compromised box spoofing the source IP address?
> > >
> > >-----Original Message-----
> > >From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> > >John
> > >Matus
> > >Sent: Wednesday, May 25, 2005 4:07 PM
> > >To: ccielab@groupstudy.com
> > >Subject: blocking packets from compromised server
> > >
> > >i know that you can block traffice from a compromised server w/
>"swtichport
> > >block unicast/multicast", but how would you stop a router from
>intercepting
> > >these if you did not use the above config? what kind of attack would
>this
> > >be called?
> > >
> > >_________________________________________________________________
> > >Express yourself instantly with MSN Messenger! Download today - it's
>FREE!
> > >http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
> > >
> > >_______________________________________________________________________
> > >Subscription information may be found at:
> > >http://www.groupstudy.com/list/CCIELab.html
> >
> > _________________________________________________________________
> > Dont just search. Find. Check out the new MSN Search!
> > http://search.msn.click-url.com/go/onm00200636ave/direct/01/
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >

• Next message: Long Kwok: "v2 Cisco network modules and cards"
• Previous message: eb3613@sbc.com: "Traffic Shaping"
• Maybe in reply to: John Matus: "blocking packets from compromised server"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Jun 03 2005 - 10:12:02 GMT-3