Security Basics mailing list archives
Re: weird
From: "kenzo" <kenzo_chin () hotmail com>
Date: Sun, 22 Feb 2004 23:05:08 -0600
I hope it's a faulty nic somewhere. We're going to get a fluke device smf try and yo find the problem. ----- Original Message ----- From: "Cesar Osorio" <COsorio () awb com au> To: "kenzo" <kenzo_chin () hotmail com> Cc: <security-basics () securityfocus com> Sent: Sunday, February 22, 2004 3:44 PM Subject: Re: weird
K, This could be a BROADCAST storm caused by a faulty nic...Assuming your network has not been compromised... Finding a faulty nic in not easy...I do not think, but if you start
setting
some sort of monitoring on your switches it may be easier to spot it .. hope this help . Cesar "kenzo" <kenzo_chin@hotma To:
<security-basics () securityfocus com>
il.com> cc: Subject: weird 20/02/2004 13:15 This weird thing happened at work. Everything was fine, then all of sudden the whole network freezes. All the swicthes and hub lights are blinking like there's no tomorow. So much traffic going on I can't even ping the computer accross me on the same switch. Then it stops and everything is back to normal. That happened twice. I use Ntop to watch for protocol usage to find infected computers(when
that
happens) and people using other protocols that the're not suppose to.
When
this happens the box crashes. I tried using ethereal to see if I saw anything but of course it doesn't happen when I'm ready for it. I looked thru the traffic that I gathered from ethereal but none seem to really stick out. I'm not an expert, so the only thing that I know that will do the same thing is flooding the network with ramdom MAC addresses. Or maybe a major arp flooding or something. I haven't tried the arp flooding, but I know that the Mac flooding does
the
same thing. What could it be? Did someone flood the network on purpose? If so, how do I track it? Or could it be that a bad Nic or device on the network just went crazy for a while. (That's what my boss seems to think.) Even then, how do I track it? Thanks. --------------------------------------------------------------------------
-
Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection Protect your network with the comprehensive security solution that integrates six applications for ease of use and lower TCO. Firewall - Virus protection - Spam protection - URL blocking - VPN - Wireless security. Download 30-day evaluation at: http://www.securityfocus.com/sponsor/Astaro_security-basics_040219 --------------------------------------------------------------------------
--
--------------------------------------------------------------------------- Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection Protect your network with the comprehensive security solution that integrates six applications for ease of use and lower TCO. Firewall - Virus protection - Spam protection - URL blocking - VPN - Wireless security. Download 30-day evaluation at: http://www.securityfocus.com/sponsor/Astaro_security-basics_040219 ----------------------------------------------------------------------------
Current thread:
- RE: weird, (continued)
- RE: weird Chris McClincy (Feb 24)
- Re: weird Byron Sonne (Feb 24)
- Re: weird Aaron Keck (Feb 24)
- Re: weird sunflower (Feb 25)
- Re: weird Secdigital (Feb 24)
- Re: weird Michael Gale (Feb 25)
- Re: weird H Carvey (Feb 24)
- RE: weird Hagen, Eric (Feb 24)
- RE: weird jeff . frost (Feb 24)
- Re: weird Cesar Osorio (Feb 24)
- Re: weird kenzo (Feb 24)
- RE: weird Day, David (Feb 25)
- RE: weird MARTIN M. Bénoni (Feb 25)