[c-nsp] Slammer (1434) attack
Amol Sapkal
amolsapkal at gmail.com
Wed Dec 22 14:06:18 EST 2004
On Wed, 22 Dec 2004 20:02:03 +0100, Florian Weimer <fw at deneb.enyo.de> wrote:
>
> If it's just a single host, it still shows up in the flow records
> (I finally got one, too, a few months ago).
>
> However, dropped packets are much less likely to end up in flow
> records, so if you have lots of other traffic (especially null-routed
> traffic), the Slammer won't dominate the exported flow data.
>
That is what is precisely happening. The slammer is still around but
since the vlans are on with the access-lists, they are not showing up
in the flow data (my last post). I am not sure of the 'Order of
operations' - whether the flows will be calculated first OR the
access-list will be applied first.
--
Warm Regds,
Amol Sapkal
--------------------------------------------------------------------
An eye for an eye makes the whole world blind
- Mahatma Gandhi
--------------------------------------------------------------------
More information about the cisco-nsp
mailing list