[cisco-nas] Terrible traffic
Aaron Leonard
Aaron at cisco.com
Mon Aug 25 12:06:07 EDT 2003
Yes, there's quite a rash of Microsoft Windows - based
worms and viruses floating around right now. Here are
some pointers on them and some suggestions for dealing
with them.
Windows vulnerabilities:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-007.asp
http://support.microsoft.com/?kbid=826369
Blaster: http://vil.nai.com/vil/content/v_100557.htm
http://www.cisco.com/warp/public/707/cisco-sn-20030814-blaster.shtml
Nachi: http://www.cisco.com/warp/public/707/cisco-sn-20030820-nachi.shtml#aclios
http://vil.nai.com/vil/content/v_100559.htm
There's also "SoBig" - I don't have any pointers on it right now, but
I'm sure that a quick look at cnet or Google news will get you plenty
of info.
Aaron
---
> Be careful what debugs you turn on as you may inadvertently kill the router
> esp. in high load conditions. Sampled Netflow will be a better option.
> Regards,
> Ash
> \\\|||///
> \\ ^ ^ //
> ( 6 6 )
> -----------------------------------------oOOo-(_)-oOOo---
> Ash Garg 5/490 Northbourne Ave
> Network Specialist DICKSON 2602
> Internet Network Development
> Telstra
> Email: <<mailto:Ash.Garg at telstra.net>>
> BH: +612 6208 1994
> Mob: 0408 687 642
> Fax: +612 6248 6165
> The best way to publicize a governmental or political
> action is to attempt to hide it. -Mark B. Cohen
> ----------------------------------------------------------
> -----Original Message-----
> From: cisco-nas-bounces at puck.nether.net
> [mailto:cisco-nas-bounces at puck.nether.net]On Behalf Of M Mushtaque
> Sent: Monday, 25 August 2003 3:32 AM
> To: wedwards at rnetinc.net
> Cc: cisco-nas at puck.nether.net
> Subject: Re: [cisco-nas] Terrible traffic
> Hello!
> Turn ON the debug to view what type of traffic it is ... two days back
> i hve been go through from this problem it was ICMP echo traffic due to
> Nachi worm. look over the document on cisco's site if its a icmp
> traffic. Just block these type of traffic through ACL.
> regards,
> Mushtaque.
> ----- Original Message -----
> From: wedwards at rnetinc.net
> Date: Sunday, August 24, 2003 11:27 pm
> Subject: [cisco-nas] Terrible traffic
> >
> > Good morning:
> > We are being bombarded by a terrific amount of traffic on our
> > routers. I
> > believe it is from one of the new viruses. These routers are the
> > Cisco AS5248
> > and 5396. Does anyone know how I might help them? Thank you in
> > advance.Bill Edwards
> > Rnet Incorporated
> > wedwards at rnetinc.net
> >
> >
> > -------------------------------------------------
> > This mail sent through RNet Inc. WebMail
> > _______________________________________________
> > cisco-nas mailing list
> > cisco-nas at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nas
> >
> >
> _______________________________________________
> cisco-nas mailing list
> cisco-nas at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nas
> _______________________________________________
> cisco-nas mailing list
> cisco-nas at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nas
More information about the cisco-nas
mailing list