North American Network Operators Group


RE: AT&T Blocking ICMP (was RE: AT&T US Network Slowdown?)

  • From: Mark Segal
  • Date: Tue Aug 19 13:46:29 2003

<Snip>
UPDATED: The Nachi worm will infect vulnerable Windows XP and 2000 machines 
using the same exploit used by the MS Blast worm family. The main difference
between Nachi and MS Blast, is that Nachi will remove and disable MS Blast
infections that it encounters, and download and install the correct MSRPC
DCOM patch from Microsoft. This action will permanently close the MSRPC
DCOM vulnerability.  The Nachi worm will not patch the WebDAV vulnerability
on Windows 2000 Servers.
</snip>

Patches DCOM and removes MBLAST.. Why doesn't Microsoft release this, or did
they? :).

mark

--
Mark Segal 
Director, Network Planning
FCI Broadband 
Tel: 905-284-4070 
Fax: 416-987-4701 
http://www.fcibroadband.com

Futureway Communications Inc. is now FCI Broadband


-----Original Message-----
From: Ingevaldson, Dan (ISS Atlanta) [mailto:[email protected]] 
Sent: August 19, 2003 12:30 PM
To: Paul Jasa; [email protected]
Subject: RE: AT&T Blocking ICMP (was RE: AT&T US Network Slowdown?)



The "Nachi" worm propagates via MSRPC DCOM and the IIS WebDAV bug.  It may
be causing this storm because it runs 300 scanning threads, and it pings
each IP first.

http://xforce.iss.net/xforce/alerts/id/150

MS Blast wasn't multithreaded.

Regards,
===============================
Daniel Ingevaldson
Engineering Manager, X-Force R&D
[email protected] 
404-236-3160
 
Internet Security Systems, Inc.
The Power to Protect
http://www.iss.net 
===============================


-----Original Message-----
From: Paul Jasa [mailto:[email protected]] 
Sent: Tuesday, August 19, 2003 12:19 PM
To: [email protected]
Subject: AT&T Blocking ICMP (was RE: AT&T US Network Slowdown?)



A call to AT&T Worldnet confirms that AT&T Worldnet service is blocking ICMP
in order to deal with an undefined emergency.  Nothing posted on their site,
nor any other info is available.  If anyone has info related to this "icmp
outage", please advise.  Thanks! pj

====================================== 
Paul Jasa 
Network Engineer 
======================================


-----Original Message-----
From: Sean Crandall [mailto:[email protected]]
Sent: Tuesday, August 19, 2003 02:12 AM
To: Paul Jasa; [email protected]
Subject: RE: AT&T US Network Slowdown?
Importance: High


> 
> Dear Nanogers,
> Is anyone aware of a "slowdown" issue throughout the US AT&T network 
> since 8/18 at around 4pm which is causing a lot of internet circuits 
> (including DSL) to be inaccessible and/or appear down from the outside 
> world?  AT&T says this has been escalated to "Level 4" with no ETA and 
> affecting the whole country.  I am seeing this problem in the San 
> Francisco area.  Just wondering if anyone else is experiencing 
> anything that would confirm AT&T's claim, and fishing for more info 
> about the possible cause and ETA.  Thanks!

We are currently seeing the slowdown on our network in San Jose. Started
about exactly the time frame that you mentioned.  The rest of the country
(oddly) seems unaffected by this at the moment, but San Jose is getting
hammered by something.

Still trying to sort out exactly where it is coming from.

-Sean

Sean P. Crandall
VP Engineering Operations
MegaPath Networks Inc.
Pleasanton, CA  94588
(925) 201-2530
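
The scanning behaviour described in this thread (many threads, each address pinged before it is attacked) shows up in flow data as one source sending echo requests to many distinct destinations in a short window, then connecting to some of them. The following detection sketch is an added example, not part of the thread or of any poster's tooling; the flow records, addresses, thresholds and the probe ports (TCP 135 and 80) are assumptions made for illustration.

```python
from collections import defaultdict

ECHO_REQUEST = 8          # ICMP type for echo request ("ping")
PROBE_PORTS = (135, 80)   # assumed: TCP 135 for MSRPC, TCP 80 for IIS (ports not given in the thread)

def sample_flows():
    """Constructed records, not real traffic: (time_s, src, dst, proto, icmp_type_or_dport)."""
    flows = []
    for i in range(1, 61):            # 10.0.0.5 pings 60 addresses in 6 s, probes every third
        dst = f"192.0.2.{i}"
        flows.append((1000 + i * 0.1, "10.0.0.5", dst, "icmp", ECHO_REQUEST))
        if i % 3 == 0:
            flows.append((1000 + i * 0.1 + 0.05, "10.0.0.5", dst, "tcp", 135))
    for t in range(0, 60, 5):         # 10.0.0.9 is a monitor pinging two fixed hosts
        for dst in ("192.0.2.10", "192.0.2.20"):
            flows.append((1000 + t, "10.0.0.9", dst, "icmp", ECHO_REQUEST))
    return sorted(flows)

def find_sweepers(flows, window=10.0, min_fanout=30):
    """Map src -> (peak distinct echo targets in any window, targets pinged then probed).

    flows must be sorted by time. Only sources reaching min_fanout are returned.
    """
    echoes = defaultdict(list)    # src -> [(time, dst)]
    pinged = defaultdict(set)     # src -> destinations already sent an echo request
    probed = defaultdict(set)     # src -> pinged destinations later hit on a probe port
    for ts, src, dst, proto, num in flows:
        if proto == "icmp" and num == ECHO_REQUEST:
            echoes[src].append((ts, dst))
            pinged[src].add(dst)
        elif proto == "tcp" and num in PROBE_PORTS and dst in pinged[src]:
            probed[src].add(dst)
    found = {}
    for src, events in echoes.items():
        counts, start, peak = defaultdict(int), 0, 0
        for ts, dst in events:
            counts[dst] += 1
            while ts - events[start][0] > window:   # slide the window forward
                old = events[start][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            peak = max(peak, len(counts))
        if peak >= min_fanout:
            found[src] = (peak, len(probed[src]))
    return found

if __name__ == "__main__":
    for src, (peak, probed) in find_sweepers(sample_flows()).items():
        print(f"{src}: {peak} distinct echo targets in 10 s, {probed} followed by a TCP probe")
```

Counting distinct destinations rather than raw packets is what keeps the monitoring host, which pings the same two addresses repeatedly, out of the result.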