Re: Symantec AntiVirus and AOL

From: Dolan, David (Dolan_at_CTCGSC.ORG)
Date: 10/28/03

  • Next message: Russ: "New RPC worm?"
    Date:         Tue, 28 Oct 2003 10:57:11 -0500
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    This is not just a problem for Norton Antivirus. AOL also causes switches
    configured to use 'Port Security' by limiting the number of MACs allowed
    from a single port (IE. Hub control) to trip the 'alarm' when AOL starts up.
    AOL makes it look to the switch like a user is on a hub, and if the
    specified action on the switch is to 'disable' the port, then you get AOL
    disabling people ports, whether or not the AOL servers are firewalled out.

    The only way to ensure that you can monitor MAC count effectively, is to
    make sure that you don't have anything else creating an adapter, and using
    another MAC that would be detected by 'port security' on a cisco switch.
    (AOL probably isn't the only offender)

    --dave

    ********************************************
    David M. Dolan
    Assistant Network Administrator
    Concurrent Technologies Corporation
    100 CTC Drive
    Johnstown, PA 15904
    email: dolan@ctcgsc.org
    ********************************************

    ----
    NTBugtraq subscribers save $103.00 off the TICSA exam by using promo
    code "NT1003" when registering to take the TICSA exam at www.2test.com.
    Prove to your employer and peers that you have the knowledge and
    abilities to be an active stakeholder in today's enterprise security.
    Become TICSA certified www.trusecure.com/ticsa.  Promotion expires
    12/31/03 and cannot be used in combination with other offers.
    ----
    

  • Next message: Russ: "New RPC worm?"