It's supposed that you configure the default gateway's MAC address of the VLAN where the RSKill interface is connected and when the RSKILL packets need to travel to another subnet it is trought its default gateway and it spoofs the victim and attacker IP addresses. Obviously, the larger the number of hops the long the time it takes to the RSKILL packets to respond to an attack and the possibility to stop the attack is decreasing.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Monday, September 05, 2005 10:09 PM To: [email protected] Cc: [EMAIL PROTECTED] Subject: [ISSForum] How to Config RSKill on SW with many VLAN ? Dear ALLs Our company config SW(cisco 2650) to 3 VLAN and set port 23 to monitor traffic, port 24 to send RSKill Does anyone have the experience when implement Network Sensor 7.0 , How to Config RSKill on SW with many VLAN ? Our administrator said IDS can monitor all traffic on SW but IDS can not send RSKill to all port this mean for RSKill IDS can send only one VLAN Is this correct ??? ****************** Pramote KBANK,TH _______________________________________________ ISSForum mailing list [email protected] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum To contact the ISSForum Moderator, send email to [EMAIL PROTECTED] The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328. _______________________________________________ ISSForum mailing list [email protected] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum To contact the ISSForum Moderator, send email to [EMAIL PROTECTED] The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
