We were advised to only put STP on ports between switches, as this limits the storm to one switch. If you do it on all ports it can slow down the negotiation of the port to such an extent that the port is not ready when the PC is after a restart.
As far as we know this works, as we think we had a situation where a rogue NIC was flooding the network but only one area became slow.
Originally Posted by johnny:
Such an act of deliberate vandalism as you describe is hard to defend against.
The countermeasures required to defeat such an attack bring management challenges that simply do not suit the traditionally "flat" school network designs.
Real-time monitoring solutions such as Cisco's, HP's and 3Com's switch software can normally display when such an attack occurs, as you would normally lose your segments one by one, so by detecting the source switch it can be isolated quickly by unplugging it at the core or distribution layer.
Core switch management usually has other features that can be leveraged.
By baselining the entire network and specifying threshold values for a specific port or uplink, sudden unusual traffic patterns can be detected and controlled, throttled or even shut down.
Time to get the switch manuals out and look closely at many of those features the manufacturers went to great lengths to build in but we all chose to ignore...
The birch or a Taser would be more effective, but I would draw the line at lethal force for a minor network violation...
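The baseline-and-threshold idea from the post above, worked through as an added example (this is not code from the thread or from any switch vendor): each port's cumulative broadcast counter, as an SNMP poller would read it from ifHCInBroadcastPkts, is turned into a per-second rate, a baseline mean and standard deviation are learned from the first few polls, and the latest poll is flagged when it exceeds mean + 3 sigma. The port names, poll interval and counter values are all constructed for illustration; the flooding port is the one whose counter jumps in the last two polls.

```python
"""Per-port broadcast-rate baselining against constructed counter samples.

Added example, not code from the thread: flags switch ports whose
broadcast packet rate jumps far above a learned baseline, the kind of
threshold check the post above describes. The counters mimic SNMP
ifHCInBroadcastPkts polls; all values below are constructed.
"""
from statistics import mean, pstdev

POLL_INTERVAL_S = 60  # assumed poll interval between counter samples

# Constructed samples: port -> cumulative broadcast packet counter per poll.
# Gi1/0/24 is the port a rogue NIC starts flooding during the last two polls.
SAMPLES = {
    "Gi1/0/1": [1000, 1060, 1130, 1180, 1250, 1310, 1370],
    "Gi1/0/2": [500, 540, 600, 640, 700, 730, 780],
    "Gi1/0/24": [20000, 20600, 21200, 21900, 22500, 40500, 95000],
}


def rates(counters, interval=POLL_INTERVAL_S):
    """Convert cumulative counters to packets-per-second between polls.

    A negative delta means the counter wrapped or the switch restarted;
    that sample is discarded rather than reported as a huge negative rate.
    """
    out = []
    for prev, cur in zip(counters, counters[1:]):
        delta = cur - prev
        if delta < 0:
            continue
        out.append(delta / interval)
    return out


def baseline(rate_list, warmup):
    """Mean and population stddev of the first `warmup` rate samples."""
    window = rate_list[:warmup]
    return mean(window), pstdev(window)


def check_port(counters, warmup=4, sigma=3.0, floor_pps=50.0):
    """Return (flagged, latest_rate, threshold) for the most recent poll.

    threshold = baseline mean + sigma * stddev, but never below floor_pps,
    so a very quiet port does not alarm on a trivial absolute increase.
    Until enough polls exist to form a baseline, nothing is flagged.
    """
    r = rates(counters)
    if len(r) <= warmup:
        return (False, r[-1] if r else 0.0, None)
    mu, sd = baseline(r, warmup)
    threshold = max(mu + sigma * sd, floor_pps)
    latest = r[-1]
    return (latest > threshold, latest, threshold)


def scan(samples, **kw):
    """Run check_port over every port; return the port names that exceed threshold."""
    return sorted(port for port, counters in samples.items() if check_port(counters, **kw)[0])


if __name__ == "__main__":
    for port, counters in SAMPLES.items():
        flagged, latest, threshold = check_port(counters)
        print(f"{port}: {latest:.1f} pps, threshold {threshold}, {'ALERT' if flagged else 'ok'}")
    print("ports to isolate:", scan(SAMPLES))
```

In practice the "shutdown" or "throttle" action the post mentions is what a managed switch's storm-control feature does per port in hardware; a script like this is useful on top of that for the uplinks, where a hard per-port limit is harder to choose and you want to see which downstream switch to unplug first.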