Security Basics mailing list archives

Re: weird


From: Michael Gale <michael () bluesuperman com>
Date: Mon, 23 Feb 2004 19:24:28 -0700

Hello,

        I would look for large UDP or TCP packets. Once, where I used to work,
someone was testing a PPTP connection on something and would send out
a large amount of large UDP packets every 20 mins. They were on their
own little cheap switch. Their traffic would fill all the buffers on the
switch and the main one they were connected to, causing a main switch
to broadcast these UDP packets across the entire network,

making the whole network unusable for about 5 mins at a time.

Michael.



On Thu, 19 Feb 2004 20:15:29 -0600
"kenzo" <kenzo_chin () hotmail com> wrote:

This weird thing happened at work.
Everything was fine, then all of a sudden the whole network freezes.
All the switch and hub lights are blinking like there's no tomorrow.
So much traffic going on I can't even ping the computer across from me on
the same switch.
Then it stops and everything is back to normal. That happened twice.
I use Ntop to watch for protocol usage to find infected computers (when
that happens) and people using other protocols that they're not supposed
to.  When this happens the box crashes.
I tried using Ethereal to see if I saw anything but of course it
doesn't happen when I'm ready for it.
I looked through the traffic that I gathered from Ethereal but none seem
to really stick out.
I'm not an expert, so the only thing that I know that will do the same
thing is flooding the network with random MAC addresses. Or maybe a
major ARP flooding or something.
I haven't tried the ARP flooding, but I know that the MAC flooding
does the same thing.

What could it be?  Did someone flood the network on purpose? If so,
how do I track it?
Or could it be that a bad NIC or device on the network just went crazy
for a while? (That's what my boss seems to think.) Even then, how do I
track it?

Thanks.


-- 
Hand over the Slackware CD's and back AWAY from the computer, your geek
rights have been revoked !!!

Michael Gale
Slackware user :)
Bluesuperman.com 
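
The checks discussed in this thread (bursts of large UDP/TCP packets from one source, MAC flooding, ARP flooding), written as an added Python example that is not part of the original posts. The record layout, thresholds and sample data are assumptions constructed for illustration; real records would come from a capture exported from a sniffer such as Ethereal.

```python
from collections import defaultdict

# Thresholds are assumptions for illustration; tune them to the network's baseline.
WINDOW_S = 10              # bucket size in seconds
LARGE_BYTES = 1000         # frame size counted as "large"
LARGE_PER_WINDOW = 50      # large UDP/TCP frames from one MAC per window
NEW_MACS_PER_WINDOW = 100  # never-before-seen source MACs per window
ARP_PER_WINDOW = 200       # broadcast ARP frames from one MAC per window
BROADCAST = "ff:ff:ff:ff:ff:ff"

def analyze(records):
    """records: iterable of (ts, src_mac, dst_mac, proto, length) tuples.
    Returns a sorted list of (window_start, kind, source_mac) findings."""
    large = defaultdict(int)   # (window, src) -> large UDP/TCP frame count
    arp = defaultdict(int)     # (window, src) -> broadcast ARP frame count
    new_macs, seen = defaultdict(int), set()  # window -> first-seen source MACs
    for ts, src, dst, proto, length in records:
        win = int(ts // WINDOW_S) * WINDOW_S
        if src not in seen:
            seen.add(src)
            new_macs[win] += 1
        if proto in ("UDP", "TCP") and length >= LARGE_BYTES:
            large[(win, src)] += 1
        elif proto == "ARP" and dst == BROADCAST:
            arp[(win, src)] += 1
    findings = [(w, "large-packet burst", s) for (w, s), n in large.items() if n >= LARGE_PER_WINDOW]
    findings += [(w, "ARP broadcast flood", s) for (w, s), n in arp.items() if n >= ARP_PER_WINDOW]
    findings += [(w, "MAC flood", "*") for w, n in new_macs.items() if n >= NEW_MACS_PER_WINDOW]
    return sorted(findings)

def sample_capture():
    """Constructed sample: quiet baseline, a large-UDP burst, then many new source MACs."""
    recs = []
    for i in range(20):   # baseline: two hosts sending small TCP frames
        recs.append((i * 0.5, "00:11:22:33:44:%02x" % (i % 2), "00:aa:bb:cc:dd:01", "TCP", 120))
    for i in range(80):   # 1400-byte UDP frames from one host, all inside window 20
        recs.append((20 + i * 0.1, "00:11:22:33:44:99", "00:aa:bb:cc:dd:01", "UDP", 1400))
    for i in range(150):  # one small frame from each of 150 distinct MACs, window 40
        recs.append((40 + i * 0.05, "02:00:00:00:%02x:%02x" % (i // 256, i % 256), BROADCAST, "UDP", 64))
    return recs

if __name__ == "__main__":
    for finding in analyze(sample_capture()):
        print(finding)
```

A finding names the time window and the source MAC, which is the starting point for locating the switch port the offending device is plugged into.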
