Re: Level3 routing issues?

[william () elan net]

Really, really bad - most traffic I see is from this virus/dos:

Extended IP access list 152
    deny udp any any eq 1434 (5639464 matches) - 94%
    permit ip any any (311888 matches) - 6%

Wow!!!

On Fri, 24 Jan 2003 michael () aplatform com wrote:

> Really bad.  Quick capture of filter drops:
>
> PROTO 17 (UDP) pkt from (IP's from all over the world)/1033 to (All my IP
> space)/1434 dropped
>
> On Sat, 25 Jan 2003, hc wrote:
>
> > Okay this is getting bad.. one of our routers just locked up from udp
> > 1434's. Can't even telnet to it now.
> >
> > -hc
> >
> > Joel Perez wrote:
> >
> > > My firewalls are going nuts with hits on UDP port 1434 also from
> > > everywhere!
> > >
> > >   -----Original Message-----
> > >   From: Aaron Burnett [mailto:listkeep () yet-another com]
> > >   Sent: Sat 1/25/2003 1:19 AM
> > >   To: Alex Rubenstein
> > >   Cc: hc; nanog () merit edu
> > >   Subject: Re: Level3 routing issues?
> > >
> > >
> > >
> > >
> > >
> > >   On Sat, 25 Jan 2003, Alex Rubenstein wrote:
> > >
> > >   >
> > >   >
> > >   > I dunno about that. But, I am seeing, in the last couple hours,
> > > all kinds
> > >   > of new traffic.
> > >   >
> > >   > like, customers who never get attacked or anything, all of a
> > > sudden:
> > >   >
> > >   >
> > > http://mrtg.nac.net/switch9.oct.nac.net/3865/switch9.oct.nac.net-3865.html
> > >   >
> > >   >
> > >   > We are seeing this on ports all across out network -- nearly 1/2
> > > our ports
> > >   > are in delta alarm right now.
> > >   >
> > >   > Anyone else?
> > >   >
> > >
> > >   Yep. Since about 12:30 am. Getting pounded on UDP port 1434 from
> > > all over
> > >   the world to any address on my network.