interesting-people message



Subject: [IP] Re: A new class of network vulnerability???




Begin forwarded message:

From: Jim Forster <forster@cisco.com>
Date: July 26, 2007 5:24:07 PM EDT
To: dave@farber.net
Cc: ip@v2.listbox.com
Subject: Re: [IP] A new class of network vulnerability???

Dave,

(For IP if you wish)

The exact situation at Duke is reasonably complex, but the general solution to the problem is pretty simple and well known for the last 15 years or so: just limit the size of the broadcast domain, with more and smaller subnets, connected by routers. Apparently Duke has fewer and bigger subnets, so the broadcasts, and unicasts to previously unheard-from MAC addresses, must be flooded over a larger area, pestering more devices and generally stressing the network.

  -- Jim


This was an accidental Denial of Service. The Apple devices were merely doing what they are supposed to do, according to RFC. But the next time something like this happens, it could be deliberate. Cisco recognizes that the patch they are issuing is not a cure for "deliberate attempts to create an ARP storm". The scary part is such attempts could be virtually untraceable coming from a portable device. What wireless infrastructure could be at risk? What would be the cure? Turning off wireless?


