(RADIATOR) MAx TNT & MSBlast
Tony Bunce
tonyb at go-concepts.com
Fri Aug 22 11:37:55 CDT 2003
This problem is actually caused by the "good" Blaster worm, Nachi.
Nachi pings a host before it tries to spread so it doesn't waste its time on non-existent hosts. The problem is that each one of those pings generates an ARP request, and with such a high number of pings MAX TNT boxes can't handle the high number of ARP requests and lock up or reboot.
The ping has a specific signature, 92 bytes all AA as the content, that you can create a policy map for.
Cisco has an article on how to block Nachi ICMP traffic on your inbound router interface:
http://www.cisco.com/warp/public/707/cisco-sn-20030820-nachi.shtml
Hope that helps
Thanks,
Tony B, CCNA, Network+
Systems Administration
GO Concepts, Inc. / www.go-concepts.com
Are you on the GO yet?
What about those you know, are they on the GO?
513.934.2800
1.888.ON.GO.YET
-----Original Message-----
From: Sean Watkins (northrock) [mailto:sean at northrock.bm]
Sent: Friday, August 22, 2003 11:41 AM
To: radiator at open.com.au
Subject: (RADIATOR) MAx TNT & MSBlast
Hi,
I know this isn't the place, but any MAX TNT users out there seeing weird card failures beginning with the onslaught of MSBlast? I saw a news.com article about it... however I can't find any more info. Anyone know of any active Ascend / Lucent TNT mailing lists?
Sean
Article Text:
In addition, network administrators reported on a newsgroup that telecommunications equipment maker Lucent Technologies' TNT MAX network gateway crashed due to some interaction with traffic created by the MSBlast worms. A representative for the company confirmed that Lucent was investigating the issue, but couldn't supply details.
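
The ping signature described in the reply above can also be matched in captured traffic to find which inside hosts are generating the sweep. The following is an added example, not part of the original thread or of Cisco's article. It assumes that "92 bytes" is the IPv4 total length (20-byte IP header, 8-byte ICMP header, 64 bytes of 0xAA fill); the function names, addresses and threshold are hypothetical.

```python
import struct
from collections import Counter

NACHI_IP_LEN = 92   # assumption: 92 is the IPv4 total length, not the payload size
NACHI_FILL = 0xAA   # fill byte named in the thread

def is_nachi_ping(pkt: bytes) -> bool:
    """True if pkt (raw IPv4, no link-layer header) is an ICMP echo request
    of the expected length whose payload is entirely the fill byte."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return False
    ihl = (pkt[0] & 0x0F) * 4
    total_len, _ident, frag = struct.unpack("!HHH", pkt[2:8])
    if ihl < 20 or pkt[9] != 1 or total_len != NACHI_IP_LEN or len(pkt) < total_len:
        return False
    if frag & 0x3FFF:                    # MF set or non-zero offset: a fragment
        return False
    icmp = pkt[ihl:total_len]
    if len(icmp) <= 8 or icmp[0] != 8 or icmp[1] != 0:   # type 8, code 0
        return False
    return all(b == NACHI_FILL for b in icmp[8:])

def suspect_sources(packets, threshold=3):
    """Count matching pings per source address; return sources at or above threshold."""
    hits = Counter()
    for pkt in packets:
        if is_nachi_ping(pkt):
            hits[".".join(map(str, pkt[12:16]))] += 1
    return {src: n for src, n in hits.items() if n >= threshold}

def build_echo(src, dst, payload):
    """Constructed test packet; checksums are left zero because the matcher ignores them."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, 1, 1) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 128, 1, 0,
                     bytes(src), bytes(dst))
    return ip + icmp

# Constructed sample traffic (documentation address ranges):
SAMPLE = (
    # one host sweeping five targets with the 0xAA-filled 92-byte ping
    [build_echo((192, 0, 2, 10), (198, 51, 100, i), b"\xaa" * 64) for i in range(1, 6)]
    # an ordinary 32-byte ping with a non-0xAA payload
    + [build_echo((192, 0, 2, 20), (198, 51, 100, 1), bytes(range(97, 129)))]
    # 0xAA fill but wrong total length (84 bytes)
    + [build_echo((192, 0, 2, 30), (198, 51, 100, 1), b"\xaa" * 56)]
)

if __name__ == "__main__":
    for src, count in suspect_sources(SAMPLE).items():
        print(f"{src}: {count} matching echo requests")
```

Checking the payload as well as the length avoids flagging unrelated echo requests that happen to be 92 bytes long, which a length-only match on a router cannot distinguish.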