[prev in list] [next in list] [prev in thread] [next in thread]
List: cisco-nsp
Subject: Re: [c-nsp] Slammer (1434) attack
From: John Kristoff <jtk () northwestern ! edu>
Date: 2004-12-27 15:55:46
Message-ID: 20041227095546.5662e8dc () dhcp021199 ! ittns ! northwestern ! edu
[Download RAW message or body]
On Mon, 27 Dec 2004 09:36:35 -0500
Rodney Dunn <rodunn@cisco.com> wrote:
> You never want packets punted out of the interrupt switching
> vector. If you want to log packets that get dropped via
> an ACL on a software forwarding platform use Netflow and
> match on DST interface of NULL.
Unfortunately you can't get the MAC address that way. Though there
could be other ways of finding the problem host (e.g. traffic stats
on edge switch ports if your boxes are so capable and you can reach
them).
John
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic