IDS mailing list archives
Re: Router/Switches and viruses
From: Per Engelbrecht <per () xterm dk>
Date: Thu, 05 May 2005 11:08:39 +0200
Seek Knowledge wrote:
Does anyone have any first-hand experience with a single infected desktop machine (or windows server for that matter) taking out a LAN switch? Would anyone have any stories from the trenches of an infected machine causing a directly connected router to stop functioning? If so, what could be done to prevent such an outage? What IDS/IPS strategy might one implement to prevent and or at least detect such an event?
If I understand your question right, you're asking for a way to protect your switche(s).
Most common attack against switches is arp-cache-poison. Solution: mac-lockdown (static mac) i.e. one mac per int. Another risk is snmp. Solution: use snmpv2 (or better) and change community-name N times per year.Also monitor on your span ports and put all swiches on another network than the one they're switching for. (==unreachable by nodes)
/per per () xterm dk
Thanks in advance. ASeeker ________________________________________________________________________Yahoo! Messenger - Communicate instantly..."Ping" your friends today! Download Messenger Now http://uk.messenger.yahoo.com/download/index.html-------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly?Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.--------------------------------------------------------------------------
-------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly?Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
--------------------------------------------------------------------------
Current thread:
- Router/Switches and viruses Seek Knowledge (May 04)
- Re: Router/Switches and viruses Per Engelbrecht (May 06)
- Re: Router/Switches and viruses Derek Nash (May 06)
- Re: Router/Switches and viruses Robert Holtz (May 06)
- Re: Router/Switches and viruses Kevin (May 06)
- Re: Router/Switches and viruses Jason Haar (May 06)
- RE: Router/Switches and viruses Wolfpaw - Dale Corse (May 09)
- <Possible follow-ups>
- Re: Router/Switches and viruses Chris Byrd (May 06)
- RE: Router/Switches and viruses Steven Williams (May 09)
- RE: Router/Switches and viruses THolman (May 19)