[Snort-users] Strange behavior from an Extreme Networks Alpine Switch

Phil Wood cpw at ...440...
Fri Jan 5 14:32:54 EST 2001

Just wondered if anyone on the list would have an idea about the following:

Last night I noticed an abnormally high packets-per-second rate on some IDS
equipment.  So, I cranked up a tcpdump of 10,000 packets (took about a second),
and the majority were TCP ACK packets (no data) being sent from an Extreme
Networks Alpine Layer 4 switch on our network to some poor host in Argentina.
At this point I set up a deny ACL on the router for the interface where the
switch was.  Then I mailed a message about the problem to the person responsible
for the switch. In the time it took to compose and send the message, the
router dropped 18289662 packets!

So, do you think there is a way to hack into an Alpine switch, and a way
to tell it to generate bogus traffic?  



