[nsp] PIX 535 stateful failover
Gert Doering
gert at greenie.muc.de
Mon Jun 14 07:11:02 EDT 2004
Hi,
On Mon, Jun 14, 2004 at 12:59:22PM +0200, Daniel Roesen wrote:
> Other techniques involve e.g. flooding the switch which then becomes
> essentially a single broadcast domain hub.
If overloading the switch results in flooding *between different VLANs*
the switch is broken beyond repair.
The "classical" overload-mac-table-switch-starts-flooding attack works
only inside a VLAN, to gain access to packets that you wouldn't otherwise
see on "your" port.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
More information about the cisco-nsp
mailing list