Results 1 to 4 of 4
  1. #1
    Join Date
    Feb 2004
    Posts
    473

    * Switch powerconnect 3548 under attack (?)

    Hi

    we have Switch DELL Powerconnect that manage 25 servers

    switch have pubblic IP and SNMP activate for remote badwidth controll

    from 2 days we have a lot of inbound traffic, on all switch port.. also port that is attached to power off servers.

    the traffic don't interest servers, seems is direct to switch.

    in the log we don't say anything that is dangerouse, any denied telnet access but nothing else.

    in the normal day a port attached to failover network (so without traffic) signed 40/45 MB of traffic
    today (in only 12 hours) the same port signed 780 MB
    :/

    What's best way to stop this ?

    Toggle IP pubblic and put IP private may be a good way but we need to keep snmp pubblic.. and is not so simple.

    We connect to server with web interface to 99% of time..

    May be kill telnet service on switch help to stop attack ?

    Thanks for any help / suggest !
    We need server tuning for improve mass mailing list. Please send PM if have knowledge
    TX

  2. #2
    Join Date
    Aug 2007
    Location
    Belgium
    Posts
    4,183
    Do you have broadcast limit enabled on all ports?
    Did you define an ACL which only allows access to the switch from your IPs?

    If not, might be useful to setup
    www.InstantDedicated.com - Online in no time
    Dedicated Servers in [EU] Netherlands with DAILY support, also on weekends
    DDOS Protected network - 100% Money Back if it doesn't work for you
    Streaming / IPTV allowed | Up to 10 Gbit ports | 100% Network Uptime

  3. #3
    Join Date
    Feb 2004
    Posts
    473
    Quote Originally Posted by ServerBoost View Post
    Do you have broadcast limit enabled on all ports?
    Did you define an ACL which only allows access to the switch from your IPs?

    If not, might be useful to setup
    yes, all ports have limit set by speed port or QOS bandwidth settings. But, lower setting port are 10Mbit and on this port we see that inbound traffic is 400-700 Kbits not more

    No, at this time ACL IP Based is not define, for could access from emergency to switch by out of our office
    We can set this but think that traffic inbound still be the same

    tx
    We need server tuning for improve mass mailing list. Please send PM if have knowledge
    TX

  4. #4
    I'm not sure that traffic against your switch IP is truly the problem, but I would not recommend putting a publicly-reachable IP on a PowerConnect. A couple of years ago, I set-up a 62xx in a test lab, and after giving it a public IP (and no firewall protection), it started rebooting every couple of weeks. My assessment was that PowerConnects may not be well-tested by the manufacturer in a public-IP scenario.

    If you have a router or firewall between the Dell and the Internet, I suggest blocking traffic to your switches, for all but the ports you really need to reach from the Internet (which sounds like maybe udp/161 for SNMP).

    You might also post to the PowerConnect users forum.
    http://en.community.dell.com/support...hes/f/866.aspx

Similar Threads

  1. Dell Powerconnect 3548
    By serverx in forum Colocation and Data Centers
    Replies: 5
    Last Post: 01-07-2011, 10:25 PM
  2. Switch Dell 3548 - Limit snmp local traffic rules
    By webstyler in forum Colocation and Data Centers
    Replies: 1
    Last Post: 05-02-2008, 01:22 PM
  3. Dell PowerConnect Network Switch Experiences?
    By ameeriklane in forum Colocation and Data Centers
    Replies: 17
    Last Post: 12-21-2006, 09:28 AM
  4. Dell PowerConnect 3048 Switch and MRTG
    By Fremont Servers in forum Hosting Security and Technology
    Replies: 7
    Last Post: 02-17-2006, 04:58 PM
  5. Dell PowerConnect 3024 Switch For Sale
    By vour in forum Other Offers & Requests
    Replies: 0
    Last Post: 04-06-2004, 03:31 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •