Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. Cisco>
  3. NAS
Terrible traffic
wedwards at rnetinc
Aug 24, 2003, 4:27 AM
Post #1 of 4 (1182 views)
Permalink
Good morning:
We are being bombarded by a terrific amount of traffic on our routers. I
believe it is from one of the new viruses. These routers are the Cisco AS5248
and 5396. Does anyone know how I might help them? Thank you in advance.
Bill Edwards
Rnet Incorporated
wedwards@rnetinc.net


-------------------------------------------------
This mail sent through RNet Inc. WebMail
Re: Terrible traffic [ In reply to ]
m_mushtaque at eworld
Aug 24, 2003, 10:32 AM
Post #2 of 4 (1148 views)
Permalink
Hello!

Turn ON the debug to view what type of traffic it is ... two days back
i hve been go through from this problem it was ICMP echo traffic due to
Nachi worm. look over the document on cisco's site if its a icmp
traffic. Just block these type of traffic through ACL.

regards,

Mushtaque.

----- Original Message -----
From: wedwards@rnetinc.net
Date: Sunday, August 24, 2003 11:27 pm
Subject: [cisco-nas] Terrible traffic

>
> Good morning:
> We are being bombarded by a terrific amount of traffic on our
> routers. I
> believe it is from one of the new viruses. These routers are the
> Cisco AS5248
> and 5396. Does anyone know how I might help them? Thank you in
> advance.Bill Edwards
> Rnet Incorporated
> wedwards@rnetinc.net
>
>
> -------------------------------------------------
> This mail sent through RNet Inc. WebMail
> _______________________________________________
> cisco-nas mailing list
> cisco-nas@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nas
>
>
RE: Terrible traffic [ In reply to ]
ash at telstra
Aug 24, 2003, 4:20 PM
Post #3 of 4 (1148 views)
Permalink
Be careful what debugs you turn on as you may inadvertently kill the router
esp. in high load conditions. Sampled Netflow will be a better option.

Regards,
Ash

\\\|||///
\\ ^ ^ //
( 6 6 )
-----------------------------------------oOOo-(_)-oOOo---
Ash Garg 5/490 Northbourne Ave
Network Specialist DICKSON 2602
Internet Network Development
Telstra

Email: <<mailto:Ash.Garg@telstra.net>>
BH: +612 6208 1994
Mob: 0408 687 642
Fax: +612 6248 6165

The best way to publicize a governmental or political
action is to attempt to hide it. -Mark B. Cohen
----------------------------------------------------------

-----Original Message-----
From: cisco-nas-bounces@puck.nether.net
[mailto:cisco-nas-bounces@puck.nether.net]On Behalf Of M Mushtaque
Sent: Monday, 25 August 2003 3:32 AM
To: wedwards@rnetinc.net
Cc: cisco-nas@puck.nether.net
Subject: Re: [cisco-nas] Terrible traffic


Hello!

Turn ON the debug to view what type of traffic it is ... two days back
i hve been go through from this problem it was ICMP echo traffic due to
Nachi worm. look over the document on cisco's site if its a icmp
traffic. Just block these type of traffic through ACL.

regards,

Mushtaque.

----- Original Message -----
From: wedwards@rnetinc.net
Date: Sunday, August 24, 2003 11:27 pm
Subject: [cisco-nas] Terrible traffic

>
> Good morning:
> We are being bombarded by a terrific amount of traffic on our
> routers. I
> believe it is from one of the new viruses. These routers are the
> Cisco AS5248
> and 5396. Does anyone know how I might help them? Thank you in
> advance.Bill Edwards
> Rnet Incorporated
> wedwards@rnetinc.net
>
>
> -------------------------------------------------
> This mail sent through RNet Inc. WebMail
> _______________________________________________
> cisco-nas mailing list
> cisco-nas@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nas
>
>

_______________________________________________
cisco-nas mailing list
cisco-nas@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nas
RE: Terrible traffic [ In reply to ]
Aaron at cisco
Aug 25, 2003, 11:06 AM
Post #4 of 4 (1157 views)
Permalink
Yes, there's quite a rash of Microsoft Windows - based
worms and viruses floating around right now. Here are
some pointers on them and some suggestions for dealing
with them.

Windows vulnerabilities:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-007.asp
http://support.microsoft.com/?kbid=826369

Blaster: http://vil.nai.com/vil/content/v_100557.htm
http://www.cisco.com/warp/public/707/cisco-sn-20030814-blaster.shtml

Nachi: http://www.cisco.com/warp/public/707/cisco-sn-20030820-nachi.shtml#aclios
http://vil.nai.com/vil/content/v_100559.htm

There's also "SoBig" - I don't have any pointers on it right now, but
I'm sure that a quick look at cnet or Google news will get you plenty
of info.

Aaron

---

> Be careful what debugs you turn on as you may inadvertently kill the router
> esp. in high load conditions. Sampled Netflow will be a better option.

> Regards,
> Ash

> \\\|||///
> \\ ^ ^ //
> ( 6 6 )
> -----------------------------------------oOOo-(_)-oOOo---
> Ash Garg 5/490 Northbourne Ave
> Network Specialist DICKSON 2602
> Internet Network Development
> Telstra

> Email: <<mailto:Ash.Garg@telstra.net>>
> BH: +612 6208 1994
> Mob: 0408 687 642
> Fax: +612 6248 6165

> The best way to publicize a governmental or political
> action is to attempt to hide it. -Mark B. Cohen
> ----------------------------------------------------------

> -----Original Message-----
> From: cisco-nas-bounces@puck.nether.net
> [mailto:cisco-nas-bounces@puck.nether.net]On Behalf Of M Mushtaque
> Sent: Monday, 25 August 2003 3:32 AM
> To: wedwards@rnetinc.net
> Cc: cisco-nas@puck.nether.net
> Subject: Re: [cisco-nas] Terrible traffic


> Hello!

> Turn ON the debug to view what type of traffic it is ... two days back
> i hve been go through from this problem it was ICMP echo traffic due to
> Nachi worm. look over the document on cisco's site if its a icmp
> traffic. Just block these type of traffic through ACL.

> regards,

> Mushtaque.

> ----- Original Message -----
> From: wedwards@rnetinc.net
> Date: Sunday, August 24, 2003 11:27 pm
> Subject: [cisco-nas] Terrible traffic

> >
> > Good morning:
> > We are being bombarded by a terrific amount of traffic on our
> > routers. I
> > believe it is from one of the new viruses. These routers are the
> > Cisco AS5248
> > and 5396. Does anyone know how I might help them? Thank you in
> > advance.Bill Edwards
> > Rnet Incorporated
> > wedwards@rnetinc.net
> >
> >
> > -------------------------------------------------
> > This mail sent through RNet Inc. WebMail
> > _______________________________________________
> > cisco-nas mailing list
> > cisco-nas@puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nas
> >
> >

> _______________________________________________
> cisco-nas mailing list
> cisco-nas@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nas

> _______________________________________________
> cisco-nas mailing list
> cisco-nas@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nas

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal