|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Full-Disclosure] SQL-worm 1 IP multiple MAC???
From: Christopher Carey (security
securespot.com)
Date: Tue Mar 02 2004 - 20:40:19 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Possibly: This MAC Flooding is an ARP Cache Poisoning technique aimed at
network switches. When certain switches are overloaded they often drop
into a "hub" mode. In "hub" mode, the switch is too busy to enforce its
port security features and just broadcasts all network traffic to every
computer in your network.
Chris Carey
On Tue, 2004-03-02 at 17:31, Ariesto wrote:
> Hi all,
>
>
>
> I’ve just found the old SQL-slammer again in my customer network and
> notice something that I’ve never notice before:
>
>
>
> The worm sends UDP packet using 1 static spoof source IP and 1 static
> spoof dest IP, but the MAC address changes in every packet (mostly the
> source mac). What is happening here?? Have anybody notice this
> before??
>
>
>
> Cheers,
>
>
>
> -A
>
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]