[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ntbugtraq
Subject:    Re: Symantec AntiVirus and AOL
From:       "Dolan, David" <Dolan () CTCGSC ! ORG>
Date:       2003-10-28 15:57:11
[Download RAW message or body]

This is not just a problem for Norton Antivirus.  AOL also causes switches
configured to use 'Port Security' by limiting the number of MACs allowed
from a single port (IE. Hub control) to trip the 'alarm' when AOL starts up.
AOL makes it look to the switch like a user is on a hub, and if the
specified action on the switch is to 'disable' the port, then you get AOL
disabling people ports, whether or not the AOL servers are firewalled out.

The only way to ensure that you can monitor MAC count effectively, is to
make sure that you don't have anything else creating an adapter, and using
another MAC that would be detected by 'port security' on a cisco switch.
(AOL probably isn't the only offender)

--dave

********************************************
David M. Dolan
Assistant Network Administrator
Concurrent Technologies Corporation
100 CTC Drive
Johnstown, PA 15904
email: dolan@ctcgsc.org
********************************************

----
NTBugtraq subscribers save $103.00 off the TICSA exam by using promo
code "NT1003" when registering to take the TICSA exam at www.2test.com.
Prove to your employer and peers that you have the knowledge and
abilities to be an active stakeholder in today's enterprise security.
Become TICSA certified www.trusecure.com/ticsa.  Promotion expires
12/31/03 and cannot be used in combination with other offers.

----
[prev in list] [next in list] [prev in thread] [next in thread]