(RADIATOR) MAx TNT & MSBlast

Jim Brown jimb at dnet.net
Mon Aug 25 22:01:19 CDT 2003


This is a good question.  There is not much information out there concerning
the filter-ID attribute.  I need to add this attribute to a specific user,
allowing only port 80 to a specific IP address.  Is that possible?


----- Original Message ----- 
From: "Dave Birkbeck" <dbirkbeck at ikano.com>
To: "'Tony Bunce'" <tonyb at go-concepts.com>; "'Sean Watkins (northrock)'"
<sean at northrock.bm>; <radiator at open.com.au>
Sent: Monday, August 25, 2003 7:27 PM
Subject: RE: (RADIATOR) MAx TNT & MSBlast


> All,
>
> In addition to having the ACLs that Cisco recommends, has anyone come
> up with a RADIUS ascend-data-filter that will slow down the spread of
> these crazy viruses? Or better yet, a filter that will block ICMP?
>
> Again, I know this is probably not the list for this discussion, but
> this topic is definitely for the greater good of the Internet.
>
> That being said, does anyone know of a list that discusses various NAS
> topics?
>
> Thanks,
>
> Dave
>
>
> -----Original Message-----
> From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au] On
> Behalf Of Tony Bunce
> Sent: Friday, August 22, 2003 10:38 AM
> To: Sean Watkins (northrock); radiator at open.com.au
> Subject: RE: (RADIATOR) MAx TNT & MSBlast
>
> This problem is actually caused by the "good" Blaster worm, Nachi.
>
> Nachi pings a host before it tries to spread so it doesn't waste its time
> on non-existent hosts.  The problem is that each one of those pings
> generates an ARP request, and with such a high number of pings MAX TNT
> boxes can't handle the high number of ARP requests and lock up or reboot.
>
> The ping has a specific signature, 92 bytes all AA as the content, that
> you can create a policy map for.
>
> Cisco has an article on how to block Nachi ICMP traffic on your inbound
> router interface
> http://www.cisco.com/warp/public/707/cisco-sn-20030820-nachi.shtml
>
> Hope that helps
>
> Thanks,
> Tony B, CCNA, Network+
> Systems Administration
> GO Concepts, Inc. / www.go-concepts.com
> Are you on the GO yet?
> What about those you know, are they on the GO?
> 513.934.2800
> 1.888.ON.GO.YET
>
> -----Original Message-----
> From: Sean Watkins (northrock) [mailto:sean at northrock.bm]
> Sent: Friday, August 22, 2003 11:41 AM
> To: radiator at open.com.au
> Subject: (RADIATOR) MAx TNT & MSBlast
>
> Hi,
>
> I know this isn't the place, but any MAX TNT users out there seeing
> weird card failures beginning with the onslaught of MSBlast? I saw a
> news.com article about it... however I can't find any more info. Anyone
> know of any active Ascend / Lucent TNT mailing lists?
>
> Sean
>
> Article Text:
>
> In addition, network administrators reported on a newsgroup that
> telecommunications equipment maker Lucent Technologies' TNT MAX network
> gateway crashed due to some interaction with traffic created by the
> MSBlast worms. A representative for the company confirmed that Lucent
> was investigating the issue, but couldn't supply details.
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>
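
A small detection check for the ping signature described in the quoted message above, as an added example that is not part of the original thread. It assumes "92 bytes" means the total IPv4 datagram length (20-byte IP header, 8-byte ICMP header, 64 payload bytes of 0xAA); the function names and the sample packets are constructed for illustration.

```python
import socket
import struct

ICMP_PROTO = 1
ECHO_REQUEST = 8
SIG_TOTAL_LEN = 92   # assumption: "92 bytes" = total IPv4 datagram length
SIG_FILL = 0xAA      # "all AA as the content"


def is_nachi_style_ping(pkt: bytes) -> bool:
    """Return True if a raw IPv4 datagram matches the signature in the thread."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return False                      # too short or not IPv4
    ihl = (pkt[0] & 0x0F) * 4             # IP header length in bytes
    total_len = struct.unpack("!H", pkt[2:4])[0]
    if ihl < 20 or total_len != SIG_TOTAL_LEN or len(pkt) < total_len:
        return False                      # wrong size or truncated capture
    if pkt[9] != ICMP_PROTO:
        return False
    if struct.unpack("!H", pkt[6:8])[0] & 0x3FFF:
        return False                      # fragment (MF set or offset != 0)
    icmp = pkt[ihl:total_len]
    if len(icmp) <= 8 or icmp[0] != ECHO_REQUEST or icmp[1] != 0:
        return False
    return all(b == SIG_FILL for b in icmp[8:])


def build_echo(payload: bytes, src="192.0.2.10", dst="192.0.2.20") -> bytes:
    """Constructed sample: IPv4 + ICMP echo request (checksums left at zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(payload), 0, 0, 64,
                     ICMP_PROTO, 0, socket.inet_aton(src), socket.inet_aton(dst))
    icmp = struct.pack("!BBHHH", ECHO_REQUEST, 0, 0, 1, 1)
    return ip + icmp + payload


def count_suspects(packets) -> int:
    """Count datagrams in an iterable that match the signature."""
    return sum(1 for p in packets if is_nachi_style_ping(p))


if __name__ == "__main__":
    samples = [
        build_echo(b"\xaa" * 64),                            # matches signature
        build_echo(b"abcdefghijklmnopqrstuvwabcdefghi"),     # ordinary 32-byte ping
        build_echo(bytes(64)),                               # right size, wrong fill
    ]
    print(count_suspects(samples), "of", len(samples), "match")
```

A per-source count of matches over a short window is more useful than a single hit, since the problem described in the thread comes from the volume of pings rather than from any one packet.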


