North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: New worm / port 1434?
On Sat, 25 Jan 2003, Marshall Eubanks wrote: > Can you give me any information about which multicast group addresses > were being attacked ? I didn't have any logging turned on at the time so I don't have the addresses laying around. I just remember I had a storm of traffic trying to go to addresses between 224.x.x.x and 247.x.x.x - the addresses looked fairly random though. It may have been just a result of whatever random address algorithm was being used. Since I don't route multicast, it stayed local to the network segment but every host on the segment saw the traffic. > I have seen very little sign of this worm in interdomain multicast; it > does not seem > to be causing MSDP havoc the way that the RAMEN worm did. > > Regards > Marshall Eubanks > > > On Saturday, January 25, 2003, at 06:00 AM, [email protected] wrote: > > > > > This one seemed to be particularly nasty as it was generating traffic to > > multicast addresses too. It caused a nice flood on the switched ethernet > > segment I had a vulnerable box on. (And took out a router in the > > process. > > Great fun.) > > > > William Astle > > finger [email protected] for further information > > > > Geek Code V3.12: GCS/M/S d- s+:+ !a C++ UL++++$ P++ L+++ !E W++ !N > > w--- !O > > !M PS PE V-- Y+ PGP [email protected] 5++ X !R [email protected] [email protected] !DI D? G e++ h+ y? > > > > > T.M. Eubanks > Multicast Technologies, Inc. > 10301 Democracy Lane, Suite 410 > Fairfax, Virginia 22030 > Phone : 703-293-9624 Fax : 703-293-9609 > e-mail : [email protected] > http://www.multicasttech.com > > Test your network for multicast : > http://www.multicasttech.com/mt/ > Status of Multicast on the Web : > http://www.multicasttech.com/status/index.html > William Astle finger [email protected] for further information Geek Code V3.12: GCS/M/S d- s+:+ !a C++ UL++++$ P++ L+++ !E W++ !N w--- !O !M PS PE V-- Y+ PGP [email protected] 5++ X !R [email protected] [email protected] !DI D? G e++ h+ y?
|