North American Network Operators Group

Re: Worm / UDP1434

  • From: K. Scott Bethke
  • Date: Sat Jan 25 14:38:14 2003

David,

----- Original Message -----
From: "Freedman David" <[email protected]>
> Anybody here on list using Extreme products (Summit/Alpine/Blackdiamond)?
> They sure don't like this traffic one bit. It causes them to not only drop
> traffic, but spew out every available error message under the sun...

We use Extremes in our core and they did not log much other than CPU issues:

01/25/2003 02:20.23 <INFO:SYST> task tNetTask cpu utilization is 88% PC: 80266eb4
01/25/2003 02:20.23 <CRIT:SYST> task tNetTask cpu utilization is 88% PC: 80266eb4

and...

01/25/2003 02:24.43 <INFO:SYST> task tNetTask cpu utilization is 93% PC: 80266eb4
01/25/2003 02:24.42 <CRIT:SYST> task tNetTask cpu utilization is 93% PC: 80266eb4

I did notice console messages while investigating the sources of the
traffic, but of course have no log of them now. The switches stayed up the
whole time though (yay).

Also picked up some strange messages from one of the offenders:

01/25/2003 02:23.48 <WARN:IPRT> IGMP: snooping.c 376: updateGroupSenderListPortMask: PTAGalloc 237.189.185.65/64.237.99.79
01/25/2003 02:23.48 <WARN:IPRT> IGMP: snooping.c 376: updateGroupSenderListPortMask: PTAGalloc 237.137.210.243/64.237.99.79
01/25/2003 02:23.48 <WARN:IPRT> IGMP: snooping.c 376: updateGroupSenderListPortMask: PTAGalloc 225.134.14.67/64.237.99.79

No idea yet what that is, though I assume it is coming from the monitor
port.

-Scotty