From: Birk Richter (b.richter SECUNET.DE)
Date: Fri Jan 19 2001 - 04:59:14 CST
Hello,
The ISS RealSecure Network Engine has the
possibility to respond to detected attacks with
a RST-TCP-packet (RS-Kill).
My questions are:
To which IP-Dest addresses does RealSecure send
the RS-Kill (server or client or both)?
Which MAC-Src address does RealSecure use for
building the RS-Kill (its own, or faked for
server, client (router))?
If RealSecure uses its own MAC then you have
false entries in the ARP cache of the router/switch.
If RealSecure uses a faked MAC for server or client
then you have false entries in the bridging table
of the switch.
Do any solutions exist for this (potential) problem?
Birk
---------------------
secunet
Security Networks AG
Ammonstrasse 72
01067 Dresden
Phone/Fax: (03 51) 4 39 59-30/59
Mobile: (01 71) 2 20 83 79
E-Mail: b.richter secunet.de
URL: www.secunet.de
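
Added example, not part of the original post and not ISS code: a minimal model of a learning switch that shows only the bridging-table case raised above, comparing a reset frame sent with the sensor's own source MAC against one sent with the server's MAC. The port numbers, MAC addresses and the three-frame session are constructed for illustration.

```python
"""Minimal transparent-bridge (learning switch) model, added for illustration."""


class LearningSwitch:
    def __init__(self):
        self.table = {}   # source MAC -> port it was last seen on
        self.moves = []   # (mac, old_port, new_port) whenever an entry changes port

    def receive(self, port, src_mac, dst_mac):
        """Learn src_mac on the ingress port, then return the egress port
        for dst_mac (None means unknown destination, i.e. the frame is flooded)."""
        old = self.table.get(src_mac)
        if old is not None and old != port:
            self.moves.append((src_mac, old, port))
        self.table[src_mac] = port
        return self.table.get(dst_mac)


# Constructed topology: port numbers and MAC addresses are made up.
CLIENT = "02:00:00:00:00:0a"
SERVER = "02:00:00:00:00:0b"
SENSOR = "02:00:00:00:00:0c"
P_CLIENT, P_SERVER, P_SENSOR = 1, 2, 3


def simulate(rst_src_mac):
    """Replay a short session, then one reset frame entering on the sensor port
    with rst_src_mac as Ethernet source. Returns (egress port chosen for the
    client's next frame to the server, MAC moves the switch recorded)."""
    sw = LearningSwitch()
    sw.receive(P_CLIENT, CLIENT, SERVER)        # client -> server
    sw.receive(P_SERVER, SERVER, CLIENT)        # server -> client
    sw.receive(P_SENSOR, rst_src_mac, CLIENT)   # reset frame toward the client
    next_port = sw.receive(P_CLIENT, CLIENT, SERVER)
    return next_port, sw.moves


if __name__ == "__main__":
    for label, mac in (("sensor's own MAC", SENSOR), ("server's MAC", SERVER)):
        port, moves = simulate(mac)
        print(f"{label}: client->server frame leaves on port {port}, moves={moves}")
```

In this model the server's entry stays on the sensor port until the server transmits again; the recorded move of a host MAC onto the sensor port is the symptom to look for on the switch.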