Excessive Internet Traffic

• Previous message (by thread): Excessive Internet Traffic
• Next message (by thread): Excessive Internet Traffic
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

My 445 traffic is pretty normal (lots of it, not unusual tho)

You're being DoS'd? Identify the dst and the ingress points, if you can work out 
the srces, if not speak to your upstreams for assistance in identifying and 
stopping the traffic.

Steve

On Wed, 15 Sep 2004, Robert Scott wrote:

> 
> The University of Central Florida has seen a sudden jump in tcp 445
> denies. It began a little after 9:00 AM EDST. New Worm?
> 
> I am denying about 32 thousand packets per second. IP Cache flow show
> them well spread over a wide range of addresses, targeted at what
> apeears to be a random sample of my class B. The ACL on our border
> router is taking 21 million denies every 10 minutes. 
> 
> 60 deny tcp any any eq 445 (346740094 matches)
> 
> The packets are small, since I am seeing a large nuber of packets, but
> the bit count is low.
>   30 second input rate 72679000 bits/sec, 41033 packets/sec
>   30 second output rate 29208000 bits/sec, 7687 packets/sec
>  Input bits per second are a little above normal, but the packet count
> would normally be under 10000 not 41000.
> 
> Ideas?
> 
> TIA
> 
> AppleBees says "No Anheuser"
> Robert Scott says "NO APPLEBEES!"
> Join The Boycott!
> 
> Robert D. Scott
> Associate Director
> Computer Services and Telecommunications
> Network Operations
> University of Central Florida
> Robert at mail.ucf.edu
> CSB-310
> 407-823-0662  Voice
> 407-823-5476  FAX
> 345-0662  Sun-Com
> 877-549-5390 Pager
> 
> 

• Previous message (by thread): Excessive Internet Traffic
• Next message (by thread): Excessive Internet Traffic
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]