nanog mailing list archives
RE: AT&T Blocking ICMP (was RE: AT&T US Network Slowdown?)
From: Mark Segal <MSegal () Corporate FCIBroadband com>
Date: Tue, 19 Aug 2003 13:41:36 -0400
<Snip> UPDATED: The Nachi worm will infect vulnerable Windows XP and 2000 machines using the same exploit used by the MS Blast worm family. The main difference between Nachi and MS Blast, is that Nachi will remove and disable MS Blast infections that it encounters, and download and install the correct MSRPC DCOM patch from Microsoft. This action will permanently close the MSRPC DCOM vulnerability. The Nachi worm will not patch the WebDAV vulnerability on Windows 2000 Servers. </snip> Patches DCOM and removes MBLAST.. Why doesn't Microsoft release this, or did they? :). mark -- Mark Segal Director, Network Planning FCI Broadband Tel: 905-284-4070 Fax: 416-987-4701 http://www.fcibroadband.com Futureway Communications Inc. is now FCI Broadband -----Original Message----- From: Ingevaldson, Dan (ISS Atlanta) [mailto:dsi () iss net] Sent: August 19, 2003 12:30 PM To: Paul Jasa; nanog () merit edu Subject: RE: AT&T Blocking ICMP (was RE: AT&T US Network Slowdown?) The "Nachi" worm propagates via MSRPC DCOM and the IIS WebDAV bug. It may be causing this storm because it runs 300 scanning threads, and it pings each IP first. http://xforce.iss.net/xforce/alerts/id/150 MS Blast wasn't multithreaded. Regards, =============================== Daniel Ingevaldson Engineering Manager, X-Force R&D dsi () iss net 404-236-3160 Internet Security Systems, Inc. The Power to Protect http://www.iss.net =============================== -----Original Message----- From: Paul Jasa [mailto:pjasa () univision net] Sent: Tuesday, August 19, 2003 12:19 PM To: nanog () merit edu Subject: AT&T Blocking ICMP (was RE: AT&T US Network Slowdown?) A call to AT&T Worldnet confirms that AT&T Worldnet service is blocking ICMP in order to deal with an undefined emergency. Nothing posted on their site, nor any other info is available. If anyone has info related to this "icmp outage", please advise. Thanks! pj ====================================== Paul Jasa Network Engineer ====================================== -----Original Message----- From: Sean Crandall [mailto:sean () megapath net] Sent: Tuesday, August 19, 2003 02:12 AM To: Paul Jasa; nanog () merit edu Subject: RE: AT&T US Network Slowdown? Importance: High
Dear Nanogers, Is anyone aware of a "slowdown" issue throughout the US AT&T network since 8/18 at around 4pm which is causing a lot of internet circuits (including DSL) to be inaccessible and/or appear down from the outside world? AT&T says this has been escalated to "Level 4" with no ETA and affecting the whole country. I am seeing this problem in the San Francisco area. Just wondering if anyone else is experiencing anything that would confirm AT&T's claim, and fishing for more info about the possible cause and ETA. Thanks!
We are currently seeing the slowdown on our network in San Jose. Started about exactly the time frame that you mentioned. The rest of the country (oddly) seems unaffected by this at the moment, but San Jose is getting hammered by something. Still trying to sort out exactly where it is coming from. -Sean Sean P. Crandall VP Engineering Operations MegaPath Networks Inc. Pleasanton, CA 94588 (925) 201-2530
Current thread:
- AT&T Blocking ICMP (was RE: AT&T US Network Slowdown?) Paul Jasa (Aug 19)
- Re: AT&T Blocking ICMP (was RE: AT&T US Network Slowdown?) Valdis . Kletnieks (Aug 19)
- <Possible follow-ups>
- RE: AT&T Blocking ICMP (was RE: AT&T US Network Slowdown?) Ingevaldson, Dan (ISS Atlanta) (Aug 19)
- RE: AT&T Blocking ICMP (was RE: AT&T US Network Slowdown?) Mark Segal (Aug 19)