North American Network Operators Group

Re: TCP session disconnection caused by Code Red?
Some things that are worth looking at if you are running Ciscos (I believe
the original poster was):

http://www.cisco.com/warp/public/63/ts_codred_worm.html

Regards,
Kevin

> mike harrison <[email protected]> wrote
>>Blaz Zupan <[email protected]> wrote:
>>> For the last few days, our network seems to be basically unreachable
>>> from the outside. Most incoming TCP sessions (web requests, incoming
>>> mail, telnet sessions, etc.) often fail with a simple "Connection
>>> refused" like nobody is
>>
>>Your routers are brain dead from the load.. routers that are used to
>>handling a few thousand connections are being asked to handle 10's of
>>thousands. 1 good 1000+ address scan from an ISDN user kills my
>>Lucent/Ascend TNT unless we filter for it.
>
> I've been told (but not given permission to forward details of
> who/how/what) that some major sites with a single router
> and relatively flat network topology are dying due to the ARP
> request flood that is being generated by Code Red scans on the
> inside of their border router choking the router. Check the
> rate of ARP requests coming off your border router and see if
> it seems excessive; if so, that may be it.
>
>
> -george william herbert
> [email protected]
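
An added example, not part of the original thread: one way to carry out the ARP-rate check suggested above, by counting ARP requests per sender in `tcpdump -n -tt arp` text output. The capture format, the constructed sample lines and the threshold of 100 requests per second are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Matches ARP request lines in `tcpdump -n -tt arp` text output (assumed format).
ARP_REQ = re.compile(
    r"^(?P<ts>\d+(?:\.\d+)?) .*?ARP, Request who-has (?P<target>\S+) "
    r"(?:\([^)]*\) )?tell (?P<sender>[^\s,]+)"
)

def arp_request_rates(lines, window=1.0):
    """Return {sender: (peak requests in any window, distinct targets asked for)}."""
    buckets = defaultdict(lambda: defaultdict(int))  # sender -> window index -> count
    targets = defaultdict(set)                       # sender -> addresses resolved
    for line in lines:
        m = ARP_REQ.match(line)
        if not m:
            continue  # ARP replies, other traffic, truncated lines
        sender = m["sender"]
        buckets[sender][int(float(m["ts"]) // window)] += 1
        targets[sender].add(m["target"])
    return {s: (max(b.values()), len(targets[s])) for s, b in buckets.items()}

def excessive(rates, max_per_window=100):
    """Senders whose peak ARP request rate exceeds the (assumed) threshold."""
    return sorted(s for s, (peak, _) in rates.items() if peak > max_per_window)

# Constructed sample: a border router (10.1.0.1) ARPing for 300 different
# inside addresses within one second, as it would when inbound scan traffic
# hits many addresses it has no ARP entry for, plus one ordinary host.
SAMPLE = [
    f"{996854400 + i / 400:.6f} ARP, Request who-has "
    f"10.1.{i // 250}.{i % 250 + 2} tell 10.1.0.1, length 46"
    for i in range(300)
] + [
    "996854400.100000 ARP, Request who-has 10.1.0.1 tell 10.1.0.20, length 46",
    "996854400.100300 ARP, Reply 10.1.0.1 is-at 00:00:5e:00:53:01, length 46",
]

if __name__ == "__main__":
    rates = arp_request_rates(SAMPLE)
    for sender, (peak, ntargets) in sorted(rates.items()):
        print(f"{sender}: peak {peak} req/s, {ntargets} distinct targets")
    print("excessive:", excessive(rates))
```

A sender that is the router itself, with a peak rate and a distinct-target count that are both high, matches the pattern described in the quoted message.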