nanog mailing list archives

Re: Excessive Internet Traffic

From: Joe Shen <joe_hznm () yahoo com sg>
Date: Thu, 16 Sep 2004 08:47:31 +0800 (CST)


Is that a variant of Nachi B. ? The source address may
be generated.
joe

 --- Robert Scott <robert () mail ucf edu> wrote:


The University of Central Florida has seen a sudden
jump in tcp 445
denies. It began a little after 9:00 AM EDST. New
Worm?

I am denying about 32 thousand packets per second.
IP Cache flow show
them well spread over a wide range of addresses,
targeted at what
apeears to be a random sample of my class B. The ACL
on our border
router is taking 21 million denies every 10 minutes.


60 deny tcp any any eq 445 (346740094 matches)

The packets are small, since I am seeing a large
nuber of packets, but
the bit count is low.
  30 second input rate 72679000 bits/sec, 41033
packets/sec
  30 second output rate 29208000 bits/sec, 7687
packets/sec
 Input bits per second are a little above normal,
but the packet count
would normally be under 10000 not 41000.

Ideas?

TIA

AppleBees says "No Anheuser"
Robert Scott says "NO APPLEBEES!"
Join The Boycott!

Robert D. Scott
Associate Director
Computer Services and Telecommunications
Network Operations
University of Central Florida
Robert () mail ucf edu
CSB-310
407-823-0662  Voice
407-823-5476  FAX
345-0662  Sun-Com
877-549-5390 Pager


__________________________________________________
Do You Yahoo!?
Download the latest ringtones, games, and more!
http://sg.mobile.yahoo.com

Current thread:

Excessive Internet Traffic Robert Scott (Sep 15)
- Re: Excessive Internet Traffic Stephen J. Wilcox (Sep 15)
- Re: Excessive Internet Traffic Joe Shen (Sep 15)
- <Possible follow-ups>
- Re: Excessive Internet Traffic J. Oquendo (Sep 15)