[nsp] Detecting hacked boxes on switch
Paul Kohler
pkohler at cisco.com
Tue Jul 1 12:05:08 EDT 2003
Siva is right that the more suitable feature would be NetFlow. There is a
good presentation on combatting attacks at
http://www.cisco.com/global/EMEA/networkers/presentations/SEC-301_Michael_Behringer.pdf.gz
NetFlow information is at
www.cisco.com/go/netflow
You had mentioned switches - switches supported include Cat6k, Cat5k, & Cat4k.
Paul
At 09:37 AM 7/1/2003, Siva Valliappan wrote:
> > You could also possibly use ip accounting on your router. Just add "ip
> > accounting output" to the interface the traffic is going out (as it goes
>
>^^^^^^^
>
>caution with "ip accounting". generic ip accounting (not mac accounting)
>is not supported in the DCEF path. Netflow is where the focus is on
>development and enhancements. Netflow is also supported in the DCEF
>path. so you may want to configure Netflow (caveat being this is an input
>feature rather than an output feature).
>
>cheers
>.siva
>
> > through your router). Then have a look at show ip accounting.
> >
> > ----------------------------------------------------------------------
> > Jon Lewis *jlewis at lewis.org*| I route
> > System Administrator | therefore you are
> > Atlantic Net |
> > _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
> >
> > _______________________________________________
> > cisco-nsp mailing list cisco-nsp at puck.nether.net
> > http://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >