we have 13 floors in our building. All the floors come down into the same switch via gig links. Each floor is an individual subnet vlan. That switch
then communicates to other server farm switches via a gig uplink. The problem we want to remedy is how to keep workstations that are infected with Blaster or future variants from "blasting" each from floor-to-floor. By this I mean, if we have infected machines on the 5th floor then they will bombard
clients on the other floors. What is the best way to contain this situation?
Should I use the IDSM-2 to shun these attacks via dynamic VACLs or should I use NBAR for this situation or even just private vlans?? Of course private vlans will only help on each respective vlan subnet. Also, If I use NBAR (IDSM-2 too??) will it block all good traffic as well? I know with NBAR I
can have it drop traffic altogether which is the ultimate goal. I have read the following SAFE document and it is very good but it still leaves many questions unanswered. There is an NBAR sample config there as well.
Since you are using switches, VACLs seem to be a better option. The use of IOS ACLs on the Cisco Catalyst 4000 with a Sup3 and Hybrid and Native configurations of the Cisco Catalyst 6500 is recommended. Take a look at this document for configuration details.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...