[nsp] Nachi WORM & ICMP floods of ICMP packets ..

Ralph Doncaster ralph at istop.com
Wed Sep 3 23:28:28 EDT 2003


access-list 123 deny   tcp any any eq 135 log-input

Then we track down the customers that are infected and get them to clean
up their machine.

-Ralph

On Wed, 3 Sep 2003, Brian R. Watters wrote:

> Hello All,
>
> What is everyone out there doing for the affects of the Nachi WORM?? .. We
> have many many clients that are infected as well as of course getting HIT
> from the world with these floods of ICMP pings .. Attempting to drop these
> packets via a policy route map kills the CPU on the router (7206VXF NPE-300
> with full Memory) and of course using a ACL to drip ICMP kills our ability
> to PING as well as our many clients who have IT staff OFFNET to look into
> there networks via PING .. It also kills our internal monitors of our
> clients .. Anyone have any ideas? .. We can't be the only folks getting this
> ..
>
>
> Brian
>
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>


More information about the cisco-nsp mailing list