[c-nsp] Slammer (1434) attack

John Kristoff jtk at northwestern.edu
Mon Dec 27 10:55:46 EST 2004


On Mon, 27 Dec 2004 09:36:35 -0500
Rodney Dunn <rodunn at cisco.com> wrote:

> You never want packets punted out of the interrupt switching
> vector.  If you want to log packets that get dropped via
> an ACL on a software forwarding platform use Netflow and
> match on DST interface of NULL.

Unfortunately you can't get the MAC address that way.  Though there
could be other ways of finding the problem host (e.g. traffic stats
on edge switch ports if your boxes are so capable and you can reach
them).

John
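
An added example, not part of the original thread: one way to use the flow-cache approach discussed above to rank source hosts whose UDP/1434 traffic is being dropped to Null. The sample rows are constructed, and the column layout (classic `show ip cache flow` text with hexadecimal protocol and ports) is an assumption about the router's output. The result identifies source IP and ingress interface only, with no MAC address.

```python
import re
from collections import Counter

SLAMMER_PORT = 1434  # UDP port from the thread subject

# Constructed sample, assumed "show ip cache flow" layout:
# SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts (Pr and ports in hex).
SAMPLE = """\
SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
Fa0/0         10.1.1.23       Null          198.51.100.7    11 0C3A 059A     1
Fa0/0         10.1.1.23       Null          203.0.113.91    11 0C3A 059A     1
Fa0/0         10.1.1.23       Null          192.0.2.14      11 0C3A 059A     3
Fa0/1         10.1.2.40       Fa1/0         192.0.2.80      06 C001 0050    12
Fa0/1         10.1.2.77       Null          192.0.2.200     11 0D01 059A     1
Fa0/1         10.1.2.40       Null          192.0.2.9       06 C002 0017     2
"""

ROW = re.compile(
    r"^(?P<src_if>\S+)\s+(?P<src>\d+\.\d+\.\d+\.\d+)\s+(?P<dst_if>\S+)\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\s+(?P<pr>[0-9A-Fa-f]{2})\s+"
    r"(?P<sport>[0-9A-Fa-f]{4})\s+(?P<dport>[0-9A-Fa-f]{4})\s+(?P<pkts>\d+)\s*$"
)


def dropped_sources(text, proto=17, dport=SLAMMER_PORT):
    """Rank (source IP, ingress interface) by packets dropped to Null.

    Returns tuples of (src_ip, src_if, packets, distinct_destinations).
    """
    pkts, dsts = Counter(), {}
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, blank or unrecognised line
        if m["dst_if"].lower() not in ("null", "null0"):
            continue  # flow was forwarded, not dropped
        if int(m["pr"], 16) != proto or int(m["dport"], 16) != dport:
            continue  # not the protocol/port of interest
        key = (m["src"], m["src_if"])
        pkts[key] += int(m["pkts"])
        dsts.setdefault(key, set()).add(m["dst"])
    return [(s, i, n, len(dsts[(s, i)])) for (s, i), n in pkts.most_common()]


if __name__ == "__main__":
    for src, ifc, n, fanout in dropped_sources(SAMPLE):
        print(f"{src} via {ifc}: {n} pkts dropped, {fanout} distinct destinations")
```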

