Security Incidents mailing list archives

Re: DUP packet replies at tvguide.com


From: bob () CAVU COM (Bob)
Date: Wed, 15 Mar 2000 11:49:05 -0500


Simon wrote:

Could this be WLBS (Windows Load Balancing Service) in all its glory?

Oh, I strongly suspect that it is a case of misconfigured WLBS.
I would bet that this is user error, though.

Since Windows ping doesn't report the extra replies, it would have gone
unnoticed by many.

This DEFINITELY is the case.  When I was on the phone to their technical
types reporting the problem they confirmed that their Windows ping did not
show the problem.  I *pleaded* with them to try a UNIX or Linux ping or use
a LAN analyzer, clearly to no effect.

Next time I have WLBS set up in our lab I'll test for
this and let the list know.

Perhaps ping needs to be set up as a 'balanced' service to prevent all the
pooled servers from responding...

My tcpdump analysis showed that the problem also occurs on TCP
traffic to port 80, their web server.  (One of their technical people
said that ping "was supposed to be disabled".)

Simon Gales
SGales () OnSphere com

Bob Toxen
http://www.cavu.com
Fly-By-Day Consulting, Inc.

-----Original Message-----
...
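
Added example, not part of the original message or thread: a check for the symptom discussed above, counting echo replies per sequence number in saved output from a Linux (iputils) ping, which marks extra replies with "(DUP!)". The sample output is constructed, 192.0.2.10 is a documentation address, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the iputils (Linux) ping output format.
# 192.0.2.10 is a documentation address, not the host from the thread.
SAMPLE = """\
PING 192.0.2.10 (192.0.2.10) 56(84) bytes of data.
64 bytes from 192.0.2.10: icmp_seq=1 ttl=115 time=41.2 ms
64 bytes from 192.0.2.10: icmp_seq=1 ttl=115 time=41.9 ms (DUP!)
64 bytes from 192.0.2.10: icmp_seq=1 ttl=115 time=43.0 ms (DUP!)
64 bytes from 192.0.2.10: icmp_seq=2 ttl=115 time=40.7 ms
64 bytes from 192.0.2.10: icmp_seq=2 ttl=115 time=42.1 ms (DUP!)
64 bytes from 192.0.2.10: icmp_seq=3 ttl=115 time=40.9 ms
"""

# Matches both "from 192.0.2.10:" and "from host.example (192.0.2.10):".
REPLY = re.compile(
    r"^\d+ bytes from (?P<src>.+?): icmp_seq=(?P<seq>\d+) ttl=(?P<ttl>\d+)"
)


def duplicate_replies(ping_output):
    """Return {(source, seq): reply_count} for requests answered more than once.

    Replies are counted directly instead of trusting the "(DUP!)" marker,
    so the same check works on output from tools that do not print it.
    """
    counts = defaultdict(int)
    for line in ping_output.splitlines():
        match = REPLY.match(line.strip())
        if match:
            counts[(match["src"], int(match["seq"]))] += 1
    return {key: n for key, n in counts.items() if n > 1}


def max_replies_per_request(ping_output):
    """Largest reply count seen for one echo request (1 means no duplicates)."""
    dups = duplicate_replies(ping_output)
    return max(dups.values()) if dups else 1


if __name__ == "__main__":
    for (src, seq), n in sorted(duplicate_replies(SAMPLE).items()):
        print(f"{src} icmp_seq={seq}: {n} replies")
    print("max replies to one request:", max_replies_per_request(SAMPLE))
```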

