(RADIATOR) MAx TNT & MSBlast

Dave Birkbeck dbirkbeck at ikano.com
Mon Aug 25 18:27:54 CDT 2003 

All,

In addition to having the ACL's that Cisco recommends. Has anyone come
up with a Radius ascend-data-filter that will slow down the spread of
these crazy viruses? Or better yet, a filter that will block ICMP.

Again, I know this is probably not the list for this discussion, but
this topic is definitely for the greater good of the Internet.

That being said does anyone know of a list that discusses various NAS
topics? 

Thanks,

Dave


-----Original Message-----
From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au] On
Behalf Of Tony Bunce
Sent: Friday, August 22, 2003 10:38 AM
To: Sean Watkins (northrock); radiator at open.com.au
Subject: RE: (RADIATOR) MAx TNT & MSBlast 

This problem is actually caused by the "good" blaster worm nachi

Nachi pings a host before it trys to spread so it doesn't waist its time
on non-existent hosts.  The problem is that each one of those pings
generates an arp request and with such a high number of pings MAX TNT
boxes can't handle the high number of arp request and lock up or reboot

The ping has a specific signature, 92byes all AA as the content, that
you can create a policy map for

Cisco has an article on how to block Nachi ICMP traffic on your inbound
router interface
http://www.cisco.com/warp/public/707/cisco-sn-20030820-nachi.shtml

Hope that helps

Thanks,
Tony B, CCNA, Network+
Systems Administration
GO Concepts, Inc. / www.go-concepts.com
Are you on the GO yet?
What about those you know, are they on the GO?
513.934.2800
1.888.ON.GO.YET

-----Original Message-----
From: Sean Watkins (northrock) [mailto:sean at northrock.bm] 
Sent: Friday, August 22, 2003 11:41 AM
To: radiator at open.com.au
Subject: (RADIATOR) MAx TNT & MSBlast 

Hi,
 
I know this isn't the place, but any MAX TNT users out there seeing
weird card failures begining with the onslaught of MSBlast? I saw a
news.com article about it... however I can't find any more info. Anyone
know of any active ascend / lucent tnt mailing lists? 
 
Sean
 
Article Text:
 
In addition, network administrators reported on a newsgroup that
telecommunications equipment maker Lucent Technologies' TNT MAX network
gateway crashed due to some interaction with traffic created by the
MSBlast worms. A representative for the company confirmed that Lucent
was investigating the issue, but couldn't supply details. 
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list