Excessive Internet Traffic
Stephen J. Wilcox
steve at telecomplete.co.uk
Wed Sep 15 16:21:37 UTC 2004
My 445 traffic is pretty normal (lots of it, not unusual tho)
You're being DoS'd? Identify the dst and the ingress points, if you can work out
the srces, if not speak to your upstreams for assistance in identifying and
stopping the traffic.
Steve
On Wed, 15 Sep 2004, Robert Scott wrote:
>
> The University of Central Florida has seen a sudden jump in tcp 445
> denies. It began a little after 9:00 AM EDST. New Worm?
>
> I am denying about 32 thousand packets per second. IP Cache flow show
> them well spread over a wide range of addresses, targeted at what
> apeears to be a random sample of my class B. The ACL on our border
> router is taking 21 million denies every 10 minutes.
>
> 60 deny tcp any any eq 445 (346740094 matches)
>
> The packets are small, since I am seeing a large nuber of packets, but
> the bit count is low.
> 30 second input rate 72679000 bits/sec, 41033 packets/sec
> 30 second output rate 29208000 bits/sec, 7687 packets/sec
> Input bits per second are a little above normal, but the packet count
> would normally be under 10000 not 41000.
>
> Ideas?
>
> TIA
>
> AppleBees says "No Anheuser"
> Robert Scott says "NO APPLEBEES!"
> Join The Boycott!
>
> Robert D. Scott
> Associate Director
> Computer Services and Telecommunications
> Network Operations
> University of Central Florida
> Robert at mail.ucf.edu
> CSB-310
> 407-823-0662 Voice
> 407-823-5476 FAX
> 345-0662 Sun-Com
> 877-549-5390 Pager
>
>
More information about the NANOG
mailing list