http://www.cert.org/incident_notes/IN-2001-09.html gives some info and leads
to another page talking about ingress and egress filtering .
http://www.cert.org/advisories/CA-2001-23.html
Basically, if you only allow inbound connections to servers, and do not
allow your servers to establish outbound connections, you'll help stop the
spread of it.
There are some Cisco notes at the bottom of the second page.
Brian
----- Original Message -----
From: "Tejal" <tejal@worldgatein.net>
To: "Eric So" <eric.so@graduate.hku.hk>
Cc: <cisco-nsp@puck.nether.net>
Sent: Wednesday, August 08, 2001 12:41 AM
Subject: Re: [nsp] Arp problem
> Pl. tell how can i come out of it.
> my badwidht is getting high utilized due to this.
> pl. give mu solution .
>
> Tejal
> ----- Original Message -----
> From: Eric So <eric.so@graduate.hku.hk>
> To: Tejal <tejal@worldgatein.net>
> Cc: <cisco-nsp@puck.nether.net>
> Sent: Tuesday, August 07, 2001 7:03 PM
> Subject: Re: [nsp] Arp problem
>
>
> > Looks like a "Code Red" scan.
> >
> > http://www.cisco.com/warp/public/63/ts_codred_worm.shtml
> >
> > -Eric
> >
> >
> > On Tue, 7 Aug 2001, Tejal wrote:
> >
> > > Dear Friends,
> > >
> > > On my cisco 2621 router i m getting so many invalid ARP entry
> > > of the IP address which doesnot exist on internet or in my lan.I
> > > m monitoring my router with mrtg but the reading of
> > > serial and ethernet port are totally diffrent. I m getting so much
> traffic
> > > on my
> > > serial port and usual traffic on my ethernet port. I m getting this
> problem
> > > from last 2 days so that my all bandwidth get utilised evenif there is
> no
> > > activity from
> > > my ethernet port to serial port.the subnet mask of my eth port is /25.
i
> m
> > > getting
> > > arp entry of all of my 512 IP in show arp command.even if only 15 of
> them
> > > are avilable on
> > > lan .
> > >
> > > so much confused.
> > >
> > > Thanks in advance
> > > Tejal Shah
> > >
> > >
> >
>
This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:48 EDT