[c-nsp] Slammer (1434) attack
Amol Sapkal
amolsapkal at gmail.com
Wed Dec 22 09:56:27 EST 2004
> Around here, systems infected with SQL Slammer would generally saturate
> their 100mbit switch port. Look for the ports receiving full line rate
> traffic.
The hosts are connected to access switches to which I do not have
access. The access switches terminate to the aggregator - the closest
point that I can access. So basically, I know which vlan is infected,
but no idea as to which machine in that vlan is infected.
On Wed, 22 Dec 2004 09:50:14 -0500 (EST), Jon Lewis <jlewis at lewis.org> wrote:
> On Wed, 22 Dec 2004, Josh Duffek wrote:
>
> > What about adding the log keyword to the end of the ACL? Couldn't you
> > also put yourself in that vlan and sniff the wire?
>
> Around here, systems infected with SQL Slammer would generally saturate
> their 100mbit switch port. Look for the ports receiving full line rate
> traffic.
>
> ----------------------------------------------------------------------
> Jon Lewis | I route
> Senior Network Engineer | therefore you are
> Atlantic Net |
> _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
>
--
Warm Regds,
Amol Sapkal
--------------------------------------------------------------------
An eye for an eye makes the whole world blind
- Mahatma Gandhi
--------------------------------------------------------------------
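
The ACL-logging suggestion quoted above, as an added example that is not part of the original thread: once a logging ACL entry for UDP/1434 is applied at the aggregator, the resulting syslog lines can be tallied per source address to single out the infected machine inside the VLAN. The sketch assumes the IOS `%SEC-6-IPACCESSLOGP` message format; the ACL number, addresses, packet counts and the 1000-packet threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of IOS ACL log lines (ACL number, addresses and counts are made up).
SAMPLE_LOG = """\
Dec 22 09:41:03: %SEC-6-IPACCESSLOGP: list 110 denied udp 10.20.30.41(1033) -> 198.51.100.7(1434), 1 packet
Dec 22 09:41:04: %SEC-6-IPACCESSLOGP: list 110 denied udp 10.20.30.17(2210) -> 10.20.40.5(1434), 1 packet
Dec 22 09:41:09: %SEC-6-IPACCESSLOGP: list 110 denied tcp 10.20.30.88(3312) -> 203.0.113.9(445), 1 packet
Dec 22 09:46:03: %SEC-6-IPACCESSLOGP: list 110 denied udp 10.20.30.41(1033) -> 192.0.2.200(1434), 58211 packets
Dec 22 09:46:05: %SEC-6-IPACCESSLOGP: list 110 denied udp 10.20.30.41(1033) -> 203.0.113.77(1434), 61954 packets
Dec 22 09:46:10: %SEC-6-IPACCESSLOGP: list 110 permitted udp 10.20.30.17(2210) -> 10.20.40.5(53), 3 packets
"""

# First-hit lines say "1 packet"; the periodic summaries carry the accumulated count.
LINE_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>denied|permitted) "
    r"(?P<proto>\w+) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)

def tally(log_text, proto="udp", dport=1434):
    """Sum logged packets and collect distinct destinations per source for proto/dport."""
    hosts = defaultdict(lambda: {"packets": 0, "dests": set()})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["proto"] != proto or int(m["dport"]) != dport:
            continue  # unrelated traffic or a line in another format
        hosts[m["src"]]["packets"] += int(m["count"])
        hosts[m["src"]]["dests"].add(m["dst"])
    return dict(hosts)

def suspects(log_text, min_packets=1000):
    """Sources at or above min_packets (assumed threshold), busiest first."""
    rows = [(src, h["packets"], len(h["dests"]))
            for src, h in tally(log_text).items() if h["packets"] >= min_packets]
    return sorted(rows, key=lambda r: r[1], reverse=True)

if __name__ == "__main__":
    for src, pkts, dests in suspects(SAMPLE_LOG):
        print(f"{src}: {pkts} packets to UDP/1434 across {dests} destinations")
```

A source with a very high packet count spread over many unrelated destinations matches the flooding behaviour described in the thread; a host with a single logged packet to 1434 stays below the threshold.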