Security Basics mailing list archives

Re: weird


From: "kenzo" <kenzo_chin () hotmail com>
Date: Sun, 22 Feb 2004 23:05:08 -0600

I hope it's a faulty NIC somewhere.  We're going to get a Fluke device and
try to find the problem.


----- Original Message ----- 
From: "Cesar Osorio" <COsorio () awb com au>
To: "kenzo" <kenzo_chin () hotmail com>
Cc: <security-basics () securityfocus com>
Sent: Sunday, February 22, 2004 3:44 PM
Subject: Re: weird



K,

This could be a BROADCAST storm caused by a faulty NIC... Assuming your
network has not been compromised...
Finding a faulty NIC is not easy... I do not think, but if you start setting
some sort of monitoring on your switches it may be easier to spot it...
Hope this helps.

Cesar



From:     "kenzo" <kenzo_chin@hotmail.com>
To:       <security-basics () securityfocus com>
cc:
Subject:  weird
Date:     20/02/2004 13:15






This weird thing happened at work.
Everything was fine, then all of a sudden the whole network freezes.
All the switches and hub lights are blinking like there's no tomorrow.
So much traffic going on I can't even ping the computer across from me on
the same switch.
Then it stops and everything is back to normal. That happened twice.
I use Ntop to watch for protocol usage to find infected computers (when that
happens) and people using other protocols that they're not supposed to. When
this happens the box crashes.
I tried using Ethereal to see if I saw anything but of course it doesn't
happen when I'm ready for it.
I looked through the traffic that I gathered from Ethereal but none seem to
really stick out.
I'm not an expert, so the only thing that I know that will do the same thing
is flooding the network with random MAC addresses. Or maybe a major ARP
flooding or something.
I haven't tried the ARP flooding, but I know that the MAC flooding does the
same thing.

What could it be?  Did someone flood the network on purpose? If so, how do I
track it?
Or could it be that a bad NIC or device on the network just went crazy for a
while. (That's what my boss seems to think.) Even then, how do I track it?

Thanks.
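
The explanations raised in this thread (a faulty NIC broadcasting, MAC flooding, ARP flooding) leave different fingerprints in a capture. This added example, which is not part of the original thread, classifies one window of frames already exported from a sniffer such as Ethereal; the tuple layout, the thresholds, the name `triage` and all sample frames are assumptions constructed for illustration.

```python
from collections import Counter

BROADCAST = "ff:ff:ff:ff:ff:ff"
ETH_IPV4, ETH_ARP = 0x0800, 0x0806

def triage(frames, bcast_share=0.5, talker_share=0.8, mac_limit=100):
    """Classify one capture window of (src_mac, dst_mac, ethertype) tuples.

    Thresholds are illustrative assumptions; set them from a baseline
    capture taken while the network is behaving normally.
    """
    frames = list(frames)
    if not frames:
        return {"verdict": "no-traffic"}
    bcast = [f for f in frames if f[1] == BROADCAST]
    report = {
        "frames": len(frames),
        "distinct_src_macs": len({f[0] for f in frames}),
        "broadcast_share": len(bcast) / len(frames),
        "arp_share": sum(f[2] == ETH_ARP for f in frames) / len(frames),
        "suspect": None,
    }
    if report["distinct_src_macs"] > mac_limit:
        # Far more source MACs than hosts: the pattern of MAC flooding.
        report["verdict"] = "many-source-macs"
    elif report["broadcast_share"] >= bcast_share:
        top_src, count = Counter(f[0] for f in bcast).most_common(1)[0]
        if count / len(bcast) >= talker_share:
            # One station sends nearly all broadcasts: check that NIC/port.
            report["verdict"], report["suspect"] = "single-source-broadcast", top_src
        else:
            report["verdict"] = "multi-source-broadcast"
    else:
        report["verdict"] = "normal"
    return report

# Constructed sample windows (not real captures).
HOSTS = [f"00:aa:bb:cc:dd:{i:02x}" for i in range(10)]
QUIET = [(HOSTS[i % 10], HOSTS[(i + 1) % 10], ETH_IPV4) for i in range(100)]
BAD_NIC = QUIET + [("00:11:22:33:44:55", BROADCAST, ETH_IPV4)] * 900
MANY_MACS = QUIET + [(f"02:00:00:00:{i >> 8:02x}:{i & 255:02x}", HOSTS[0], ETH_IPV4)
                     for i in range(500)]
ARP_HEAVY = QUIET + [(HOSTS[3], BROADCAST, ETH_ARP)] * 400

if __name__ == "__main__":
    for name, window in [("quiet", QUIET), ("bad_nic", BAD_NIC),
                         ("many_macs", MANY_MACS), ("arp_heavy", ARP_HEAVY)]:
        r = triage(window)
        print(name, r["verdict"], r["suspect"], f"arp={r['arp_share']:.2f}")
```

A suspect MAC from the single-source case can then be matched against the switches' address tables to find the physical port.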

