nanog mailing list archives

Re: RPC errors

From: Jack Bates <jbates () brightok net>
Date: Mon, 11 Aug 2003 17:43:10 -0500


Mark Segal wrote:

I just put an access list on one of our cores with some spare cpu cycles..
And 10% of the traffic looks like port 135 calls.....  Anyone else see this?
Did I break anything legitimate?

There is legitimate use for 135, although normally it is not used in thewild much. From what I can see, the 10% traffic mark is about averageand should mostly be infected systems. I've seen some tight-in networkscans from one of my networks to the others (within the same /18). Stillmonitoring loads before I decide to crank in lists between networks tolimit cross infection. Tomorrow starts the fun... EU contact.

I plan to open up inbound first and let user's get infected, trackingand purifying my network for about a week, perhaps two. Then I'll reopenthe network for full traffic if it looks clean enough. Emergency "GoodNeighbor" policy. :)



-Jack

Current thread:

RE: RPC errors, (continued)
- - RE: RPC errors Kevin Houle (Aug 11)
- RE: RPC errors Drew Weaver (Aug 11)
- RE: RPC errors Brennan_Murphy (Aug 11)
- Re: RPC errors John Dvorak (Aug 11)
  - RE: RPC errors Bob German (Aug 11)
  - Re: RPC errors Michael Painter (Aug 11)
- RE: RPC errors Brennan_Murphy (Aug 11)
  - RE: RPC errors Rob Thomas (Aug 11)
- RE: RPC errors Mike Damm (Aug 11)
- RE: RPC errors Mark Segal (Aug 11)
  - Re: RPC errors Jack Bates (Aug 11)
    - Re: RPC errors Randy Bush (Aug 11)
    - Re: RPC errors John Palmer (Aug 11)
    - Re: RPC errors Jim Shankland (Aug 11)
    - Re: RPC errors Jack Bates (Aug 12)
- RE: RPC errors McBurnett, Jim (Aug 11)
- RE: RPC errors Sean Crandall (Aug 11)
  - RE: RPC errors Dan Hollis (Aug 12)
- RE: RPC errors Austad, Jay (Aug 12)
- RE: RPC errors Vachon, Scott (Aug 12)
- RE: RPC errors Vachon, Scott (Aug 12)

(Thread continues...)