TCP session disconnection caused by Code Red?

• Previous message (by thread): TCP session disconnection caused by Code Red?
• Next message (by thread): TCP session disconnection caused by Code Red?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Some things that are worth looking if you are running Cisco's
( I blieve the original poster was):

http://www.cisco.com/warp/public/63/ts_codred_worm.html

Regards,
Kevin

 
> mike harrison <meuon at highertech.net> wrote
>>Blaz Zupan <blaz at amis.net> wrote:
>>> For the last few days, our network seems to be basically unreachable
>>> from the outside. Most incoming TCP sessions (web requests, incoming
>>> mail, telnet sessions, etc.) often fail with a simple "Connection
>>> refused" like nobody is
>>
>>Your routers are brain dead from the load.. routers that are used to
>>handling a few thousand connections are being asked to handle 10's of
>>thousands. 1 good 1000+ address scan from an ISDN user kills my
>>Lucent/Ascend TNT unless we filter for it. 
> 
> I've been told (but not given permission to forward details of
> who/how/what) that some major sites with a single router
> and relatively flat network topology are dying due to the ARP
> request flood that is being generated by Code Red scans on the
> inside of their border router choking the router.  Check the
> rate of ARP requests coming off your border router and see if
> it seems excessive; if so, that may be it.
> 
> 
> -george william herbert
> gherbert at retro.com

• Previous message (by thread): TCP session disconnection caused by Code Red?
• Next message (by thread): TCP session disconnection caused by Code Red?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]