[c-nsp] Slammer 1434 attack

Pradeep Kumar pradeep at protegonetworks.com
Thu Dec 23 17:41:36 EST 2004


I have been reading the thread on the Slammer attack. Identifying the
precise offending host on the network is a universal issue. Everyone goes
through the drill of telnetting to various L2/L3/firewalls and doing a show conn,
show cam, etc. before being able to precisely identify the infected hosts.

 

Just wanted to share with you all that Protego (acquired by Cisco Systems
this week) has a solution which can identify internal users causing this
attack and show the Source IP, its MAC address and the switch port it is
connected to in real time.

 

If it is a DHCP host and moves from one switch to another switch (i.e. same
laptop with a different IP), it will detect and report the new IP but the same
MAC and the new switch port it is connected to.

 

If you have questions or want a working live demo, please send me an email
with subject "demo request". If you want white papers, please visit our web
site.

 

Protego will tie into the Cisco SDNI (Self Defending Network Initiative).


 

From a solution perspective, I would recommend protecting the host/server
in the first place, i.e. protect its OS (e.g. Cisco CSA), then consider
strengthening using Cisco NAC. This should give a considerable amount of
peace of mind.

 

Thanks 

 

Pradeep Kumar
Consulting Systems Engineer

Mobile: 408.802.5639
Desk   :408.329.5849

IM(AOL/Yahoo): protegopk

Protego Networks (now Cisco Systems)
Enterprise Threat Mitigation
Effective. Efficient. Integrated. 

 


