Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

focus-ids logo IDS mailing list archives

Re: Router/Switches and viruses
From: Derek Nash <ddnash () gmail com>
Date: Thu, 5 May 2005 08:52:04 -0500
We saw it all the time at the ISP I worked for. A PC would pickup up a
nasty scanning type virus, SQL Slammer comes to mind, and would take
up all the NAT/PAT translation slots on a router/firewall. Routers
running NAT remain susceptible to this vulernability to my knowledge.
Most modern firewalls have source-based session limiting to prevent
this type of DOS.

Lastly I have seen HP Procurve Switches lock up from a port scan. This
is a known issue that has been fixed with a firmware upgrade.

On 5/3/05, Seek Knowledge <aseeker03 () yahoo com> wrote:

Does anyone have any first-hand experience with a
single infected desktop machine (or windows server for
that matter) taking out a LAN switch? Would anyone
have any stories from the trenches of an infected
machine causing a directly connected router to stop
functioning?

If so, what could be done to prevent such an outage?
What IDS/IPS strategy might one implement to prevent
and or at least detect such an event?

Thanks in advance.
ASeeker

________________________________________________________________________
Yahoo! Messenger - Communicate instantly..."Ping"
your friends today! Download Messenger Now
http://uk.messenger.yahoo.com/download/index.html

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------





-- 
Derek Nash; CISSP, CCSP, NCSP, MCSE

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]