[unisog] Are Cisco router VLAN ACLs stateful like a PIX?

Jeff Kell jeff-kell at utc.edu
Wed Feb 2 01:39:09 GMT 2005


James Riden wrote:
> Michael Holstein <michael.holstein at csuohio.edu> writes:
>>>Blocking ICMP between VLANs has stopped RPC viruses, that's a pretty
>>>neat trick.  You must have your voodoo filters turned up to 'more magic'.
>>
>>Nope .. earlier versions of (was it Blaster or Nachi .. I forget?)
>>would ping-sweep a network so as not to "waste" tcp packets

> Nachi used fast ping sweeps; I think that Blaster only sent TCP SYNs.

UDP flooding is the worst nightmare (think SQL Slammer).  Rate limiting 
helps, and even throttles down UDP-based P2P variants as a side effect.

Jeff


