Re: TCP session disconnection caused by Code Red?

["Kevin Gannon" <kevin () gannons net>]

Some things that are worth looking if you are running Cisco's
( I blieve the original poster was):

http://www.cisco.com/warp/public/63/ts_codred_worm.html

Regards,
Kevin

 
> mike harrison <meuon () highertech net> wrote
> > Blaz Zupan <blaz () amis net> wrote:
> > > For the last few days, our network seems to be basically unreachable
> > > from the outside. Most incoming TCP sessions (web requests, incoming
> > > mail, telnet sessions, etc.) often fail with a simple "Connection
> > > refused" like nobody is
> >
> > Your routers are brain dead from the load.. routers that are used to
> > handling a few thousand connections are being asked to handle 10's of
> > thousands. 1 good 1000+ address scan from an ISDN user kills my
> > Lucent/Ascend TNT unless we filter for it. 
>
> I've been told (but not given permission to forward details of
> who/how/what) that some major sites with a single router
> and relatively flat network topology are dying due to the ARP
> request flood that is being generated by Code Red scans on the
> inside of their border router choking the router.  Check the
> rate of ARP requests coming off your border router and see if
> it seems excessive; if so, that may be it.
>
>
> -george william herbert
> gherbert () retro com