nanog mailing list archives
Re: RPC errors
From: Jack Bates <jbates () brightok net>
Date: Mon, 11 Aug 2003 17:43:10 -0500
Mark Segal wrote:
> I just put an access list on one of our cores with some spare cpu cycles.. And 10% of the traffic looks like port 135 calls..... Anyone else see this? Did I break anything legitimate?

There is legitimate use for 135, although normally it is not used in the wild much. From what I can see, the 10% traffic mark is about average and should mostly be infected systems. I've seen some tight-in network scans from one of my networks to the others (within the same /18). Still monitoring loads before I decide to crank in lists between networks to limit cross infection. Tomorrow starts the fun... EU contact.
I plan to open up inbound first and let users get infected, tracking and purifying my network for about a week, perhaps two. Then I'll reopen the network for full traffic if it looks clean enough. Emergency "Good Neighbor" policy. :)
-Jack