this is a general question for the security specialists. Im trying to convince a client that they need a firewall....
so hypothetically, if you had telnet via the internet open to a router (with an access list that allowed smtp and telnet) (assuming you didn't know the telnet password or the enable password)that had a bunch of nt servers on another interface, how long would it take a determined hacker a) cause some kind of network downtime and b) to map a network drive to a share on a file server over the internet. Thanks, Rusty > -----Original Message----- > From: Larry Letterman [mailto:[EMAIL PROTECTED] > Sent: Wednesday, April 02, 2003 1:44 PM > To: [EMAIL PROTECTED] > Subject: RE: VLAN loop problem [7:66656] > > > Yes, > it prevents loops in spanning tree on layer 2 switches from > causing a loop > by disabling the port on a cisco switch... > > > Larry Letterman > Network Engineer > Cisco Systems > > > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of > > Thomas N. > > Sent: Wednesday, April 02, 2003 12:18 PM > > To: [EMAIL PROTECTED] > > Subject: Re: VLAN loop problem [7:66656] > > > > > > What does "portfast bpdu-guard" do? Does it prevent interfaces with > > portfast enabled from causing the loop in my scenario? > > > > > > ""Larry Letterman"" wrote in message > > news:[EMAIL PROTECTED] > > > > > port mac address security might work, altho its a lot of admin > > > overhead..are you running portfast bpdu-guard on the access ports? > > > > > > > > > Larry Letterman > > > Network Engineer > > > Cisco Systems > > > > > > > > > ----- Original Message ----- > > > From: Thomas N. > > > To: [EMAIL PROTECTED] > > > Sent: Tuesday, April 01, 2003 8:14 PM > > > Subject: VLAN loop problem [7:66656] > > > > > > > > > Hi All, > > > > > > I got a problem in the production campus LAN here between > > VLANs. Please > > > help me out! Below is the scenario: > > > > > > We have VLAN 10 (10.10.x.x) and VLAN 20 (10.20.x.x) subnets. > > Routing is > > > enable/allowed between the two subnets using MSFC of > the 6500. Each > > subnet > > > has a DHCP server to assign IP address to devices on its subnet. > > > Spanning-tree is enable; however, portfast is turned on on all > > > non-trunking/uplink ports. Recently, devices on VLAN 10 got > > assigned an > > IP > > > address of 10.20.x.x , which is from the DHCP on the > other scope and > > also > > > from 10.10.x.x scope, and vice versa. It seems that we a > > loop somewhere > > > between the 2 subnets but we don't know where. I > noticed lots of end > > users > > > have a little unmanged hub/switch hang off the network > jacks in their > > > cubicals and potentially cause loop. > > > > > > Is there any way that we can block the loop on the > Cisco switches > > without > > > visiting cubicals taking those little umanaged > hubs/switches? Thanks! > > > > > > Thomas Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66720&t=66720 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]