[c-nsp] Slammer (1434) attack
Florian Weimer
fw at deneb.enyo.de
Wed Dec 22 14:02:03 EST 2004
* Gert Doering:
> I'm not sure about the 6509s, but "in general", if you do netflow
> exporting, you *will* see packets dropped by an ACL (with a "null"
> destination interface).
If it's just a single host, it still shows up in the flow records
(I finally got one, too, a few months ago).
However, dropped packets are much less likely to end up in flow
records, so if you have lots of other traffic (especially null-routed
traffic), the Slammer won't dominate the exported flow data.
More information about the cisco-nsp
mailing list