Level3 routing issues?
william at elan.net
william at elan.net
Sat Jan 25 06:38:31 UTC 2003
Really, really bad - most traffic I see is from this virus/dos:
Extended IP access list 152
deny udp any any eq 1434 (5639464 matches) - 94%
permit ip any any (311888 matches) - 6%
Wow!!!
On Fri, 24 Jan 2003 michael at aplatform.com wrote:
>
>
> Really bad. Quick capture of filter drops:
>
> PROTO 17 (UDP) pkt from (IP's from all over the world)/1033 to (All my IP
> space)/1434 dropped
>
> On Sat, 25 Jan 2003, hc wrote:
>
> >
> > Okay this is getting bad.. one of our routers just locked up from udp
> > 1434's. Can't even telnet to it now.
> >
> > -hc
> >
> > Joel Perez wrote:
> >
> > >My firewalls are going nuts with hits on UDP port 1434 also from
> > >everywhere!
> > >
> > > -----Original Message-----
> > > From: Aaron Burnett [mailto:listkeep at yet-another.com]
> > > Sent: Sat 1/25/2003 1:19 AM
> > > To: Alex Rubenstein
> > > Cc: hc; nanog at merit.edu
> > > Subject: Re: Level3 routing issues?
> > >
> > >
> > >
> > >
> > >
> > > On Sat, 25 Jan 2003, Alex Rubenstein wrote:
> > >
> > > >
> > > >
> > > > I dunno about that. But, I am seeing, in the last couple hours,
> > >all kinds
> > > > of new traffic.
> > > >
> > > > like, customers who never get attacked or anything, all of a
> > >sudden:
> > > >
> > > >
> > >http://mrtg.nac.net/switch9.oct.nac.net/3865/switch9.oct.nac.net-3865.html
> > > >
> > > >
> > > > We are seeing this on ports all across out network -- nearly 1/2
> > >our ports
> > > > are in delta alarm right now.
> > > >
> > > > Anyone else?
> > > >
> > >
> > > Yep. Since about 12:30 am. Getting pounded on UDP port 1434 from
> > >all over
> > > the world to any address on my network.
> > >
> > >
> > >
> > >
> > >
> >
> >
More information about the NANOG
mailing list