Interesting People mailing list archives

Re: A new class of network vulnerability???


From: David Farber <dave () farber net>
Date: Thu, 26 Jul 2007 18:09:25 -0400



Begin forwarded message:

From: Jim Forster <forster () cisco com>
Date: July 26, 2007 5:24:07 PM EDT
To: dave () farber net
Cc: ip () v2 listbox com
Subject: Re: [IP] A new class of network vulnerability???

Dave,

(For IP if you wish)

The exact situation at Duke is reasonably complex, but the general solution to the problem is pretty simple and well known for the last 15 years or so: just limit the size of the broadcast domain, with more and smaller subnets, connected by routers. Apparently Duke has fewer and bigger subnets, so the broadcasts, and unicasts to previously unheard-from MAC addresses, must be flooded over a larger area, pestering more devices and generally stressing the network.

  -- Jim


This was an accidental Denial of Service. The Apple devices were merely doing what they are supposed to do, according to the RFC. But the next time something like this happens, it could be deliberate. Cisco recognizes that the patch they are issuing is not a cure for "deliberate attempts to create an ARP storm". The scary part is such attempts could be virtually untraceable coming from a portable device. What wireless infrastructure could be at risk? What would be the cure? Turning off wireless?
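The two messages above describe two different ARP storms: the accidental one, where many hosts each behave correctly but the aggregate floods a large broadcast domain, and the deliberate one, where a single device generates the flood. The following is an added example, not code from the thread or from Cisco or Duke, showing how a simple sliding-window rate check over per-segment ARP traffic can tell them apart: a per-source limit catches the deliberate case, while a whole-segment limit catches the accidental case where no single source is at fault. The traffic is constructed inline, and the thresholds (100 frames per source per second, 1000 per segment per second) are assumptions to be tuned for a real network.

```python
from collections import defaultdict, deque

ARP_REQUEST, ARP_REPLY = 1, 2  # ARP opcodes


def deliberate_storm_frames():
    """Constructed sample, not a capture: 20 ordinary hosts each send one
    ARP request over 10 s, and one host sends 400 requests in 0.5 s."""
    frames = [(i * 0.5, f"02:00:00:00:00:{i:02x}", ARP_REQUEST) for i in range(20)]
    frames += [(5.0 + k * 0.00125, "aa:bb:cc:dd:ee:01", ARP_REQUEST) for k in range(400)]
    return sorted(frames)


def accidental_storm_frames():
    """Constructed sample, not a capture: 300 hosts in one broadcast domain
    each send 4 ARP requests within the same second (each host is well
    behaved on its own; only the aggregate is a problem)."""
    frames = []
    for h in range(300):
        for k in range(4):
            ts = 2.0 + (h * 4 + k) * (1.0 / 1200)
            frames.append((ts, f"02:00:00:01:{h >> 8:02x}:{h & 0xff:02x}", ARP_REQUEST))
    return sorted(frames)


def detect_arp_storm(frames, window=1.0, per_source_limit=100, segment_limit=1000):
    """Sliding-window ARP rate check over (timestamp_s, src_mac, opcode) records.

    Returns the sources that individually exceeded per_source_limit frames in
    any `window` seconds, whether the whole segment exceeded segment_limit,
    and the peak number of ARP frames seen in one window.  Thresholds are
    assumed values; the source MAC is only as trustworthy as the sender.
    """
    per_src = defaultdict(deque)   # recent timestamps per source MAC
    segment = deque()              # recent timestamps for the whole segment
    offenders = set()
    segment_alert = False
    peak = 0

    for ts, src, _op in sorted(frames):
        q = per_src[src]
        q.append(ts)
        while q and q[0] < ts - window:      # drop frames older than the window
            q.popleft()
        if len(q) > per_source_limit:
            offenders.add(src)

        segment.append(ts)
        while segment and segment[0] < ts - window:
            segment.popleft()
        peak = max(peak, len(segment))
        if len(segment) > segment_limit:
            segment_alert = True

    return {
        "offenders": sorted(offenders),
        "segment_alert": segment_alert,
        "peak_per_window": peak,
    }


if __name__ == "__main__":
    for name, frames in (("deliberate", deliberate_storm_frames()),
                         ("accidental", accidental_storm_frames())):
        print(name, detect_arp_storm(frames))
```

In the deliberate case the detector names one MAC; in the accidental case it reports only that the segment as a whole is over its limit, which is exactly the situation Jim's advice addresses: splitting the domain into smaller subnets divides that per-segment count among the resulting segments, with no change to the hosts. A spoofing attacker can of course rotate source MACs to stay under the per-source limit, which is why the segment-level check is needed as well.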




