Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Using CSA to prevent NIC in Promiscious Mode(Windows)

Hi,

There seems to be no functionality in CSA-Windows Rule to prevent going a NIC into promiscious mode (Though there is a UNIX rule for that).

How I can I prevent sniffer applications from being launched on Windows using CSA ?

I don't want to create a List of sniffer application and then use Application Control rule, since that means I will have to keep updating that list.

Is there a more dynamic way ?

Thanks,

Naman

2 REPLIES
Blue

Re: Using CSA to prevent NIC in Promiscious Mode(Windows)

You might try a 'connection rate limit' rule to keep hosts from making over a certain amount of connections in a specified period of time.

There might also be a way to classify 'chatty' applications dynamically and then deny them the ability to make over a certain number of connections.

Why are you trying to accomplish this, if you don't mind my asking?

Tom S

Blue

Re: Using CSA to prevent NIC in Promiscious Mode(Windows)

You also might try blocking the packet drivers (like WinPcap) that these apps rely on. It might be an easier list to manage.

Tom S

133
Views
0
Helpful
2
Replies
CreatePlease to create content