[nsp] Detecting hacked boxes on switch
Arie Vayner
ml at vayner.net
Sun Jul 6 02:16:04 EDT 2003
Hi
What about some other things to consider?
- Placing some policing config on the inbound traffic (only 3550 supports
that)
- using rmon commands to generate traps/syslog on ports that change their
pattern too fast
Arie
On Tue, 1 Jul 2003, James hampton wrote:
> Our bandwidth meters are maxing out on an incoming link to our provider, this usually means one of our boxes has been hacked and someones pushing a bunch of mp3's or what ever onto one of our boxes. Most of our servers are connected to one of two switches, is there anyway I can look at switchport utilization or some other method on the switch to help narrow down or identify which box is being hacked?
> James
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
More information about the cisco-nsp
mailing list