Re: Router/Switches and viruses

From: Derek Nash (ddnash_at_gmail.com)
Date: 05/05/05

  • Next message: Eric Hines: "RE: Value of IDS, ROI"
    Date: Thu, 5 May 2005 08:52:04 -0500
    To: Seek Knowledge <aseeker03@yahoo.com>
    
    

    We saw it all the time at the ISP I worked for. A PC would pick up a
    nasty scanning type virus, SQL Slammer comes to mind, and would take
    up all the NAT/PAT translation slots on a router/firewall. Routers
    running NAT remain susceptible to this vulnerability to my knowledge.
    Most modern firewalls have source-based session limiting to prevent
    this type of DoS.

    Lastly I have seen HP Procurve Switches lock up from a port scan. This
    is a known issue that has been fixed with a firmware upgrade.

    On 5/3/05, Seek Knowledge <aseeker03@yahoo.com> wrote:
    > Does anyone have any first-hand experience with a
    > single infected desktop machine (or windows server for
    > that matter) taking out a LAN switch? Would anyone
    > have any stories from the trenches of an infected
    > machine causing a directly connected router to stop
    > functioning?
    >
    > If so, what could be done to prevent such an outage?
    > What IDS/IPS strategy might one implement to prevent
    > and or at least detect such an event?
    >
    > Thanks in advance.
    > ASeeker

    -- 
    Derek Nash; CISSP, CCSP, NCSP, MCSE
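
An added example, not part of the original message: a toy model of the NAT/PAT slot exhaustion described above, run once without and once with source-based session limiting, plus a per-source count that an IDS-style check could alert on. The table size, limit, threshold, addresses and the `NatTable` class are constructed for illustration, and translation timeouts are not modelled.

```python
from collections import defaultdict

class NatTable:
    """Toy NAT/PAT translation table with a fixed number of slots (no timeouts)."""

    def __init__(self, slots, per_source_limit=None):
        self.slots = slots
        self.per_source_limit = per_source_limit  # None = no source-based limiting
        self.entries = set()                      # (src_ip, src_port, dst_ip, dst_port)
        self.held = defaultdict(int)              # translations held per source
        self.denied = defaultdict(int)            # refused requests per source

    def open(self, flow):
        """Allocate a translation for flow; return True if it was admitted."""
        if flow in self.entries:
            return True
        src = flow[0]
        capped = (self.per_source_limit is not None
                  and self.held[src] >= self.per_source_limit)
        if capped or len(self.entries) >= self.slots:
            self.denied[src] += 1
            return False
        self.entries.add(flow)
        self.held[src] += 1
        return True

    def noisy_sources(self, threshold):
        """Sources that held or requested at least `threshold` translations."""
        seen = set(self.held) | set(self.denied)
        return sorted(s for s in seen if self.held[s] + self.denied[s] >= threshold)

# Constructed traffic: one host fanning out to 500 addresses on UDP/1434,
# followed by a second host opening five ordinary HTTPS sessions.
SCANNER, USER = "10.0.0.66", "10.0.0.20"
SCAN = [(SCANNER, 1024 + i, f"203.0.113.{i % 250 + 1}", 1434) for i in range(500)]
NORMAL = [(USER, 40000 + i, "198.51.100.10", 443) for i in range(5)]

def simulate(per_source_limit, slots=256):
    """Return (normal flows admitted, slots held by scanner, noisy sources)."""
    table = NatTable(slots, per_source_limit)
    for flow in SCAN:
        table.open(flow)
    admitted = sum(table.open(flow) for flow in NORMAL)
    return admitted, table.held[SCANNER], table.noisy_sources(threshold=100)

if __name__ == "__main__":
    print("no limit:       ", simulate(None))
    print("limit 50/source:", simulate(50))
```

Without a limit the scanning host holds every slot and the second host gets none; with the per-source cap the second host's sessions are admitted, and in both runs the scanning host is the only source over the alert threshold.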