[c-nsp] Slammer (1434) attack
Jon Lewis
jlewis at lewis.org
Wed Dec 22 09:50:14 EST 2004
On Wed, 22 Dec 2004, Josh Duffek wrote:
> What about adding the log keyword to the end of the ACL? Couldn't you
> also put yourself in that vlan and sniff the wire?
Around here, systems infected with SQL Slammer would generally saturate
their 100mbit switch port. Look for the ports receiving full line rate
traffic.
----------------------------------------------------------------------
Jon Lewis | I route
Senior Network Engineer | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
More information about the cisco-nsp
mailing list