No subject
Tue Jun 24 01:22:23 CDT 2008
Filter network traffic
Sites are encouraged to block network access to the following relevant
ports at network borders. This can minimize the potential of
denial-of-service attacks originating from outside the perimeter. The
specific services that should be blocked include
* 69/UDP
* 135/TCP
* 135/UDP
* 139/TCP
* 139/UDP
* 445/TCP
* 445/UDP
* 4444/TCP
-----Original Message-----
From: Dave Birkbeck [mailto:dbirkbeck at ikano.com]
Sent: Monday, August 25, 2003 4:28 PM
To: 'Tony Bunce'; 'Sean Watkins (northrock)'; radiator at open.com.au
Subject: RE: (RADIATOR) MAx TNT & MSBlast
All,
In addition to having the ACL's that Cisco recommends. Has anyone come up with a Radius ascend-data-filter that will slow down the spread of these crazy viruses? Or better yet, a filter that will block ICMP.
Again, I know this is probably not the list for this discussion, but this topic is definitely for the greater good of the Internet.
That being said does anyone know of a list that discusses various NAS topics?
Thanks,
Dave
-----Original Message-----
From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au] On Behalf Of Tony Bunce
Sent: Friday, August 22, 2003 10:38 AM
To: Sean Watkins (northrock); radiator at open.com.au
Subject: RE: (RADIATOR) MAx TNT & MSBlast
This problem is actually caused by the "good" blaster worm nachi
Nachi pings a host before it trys to spread so it doesn't waist its time on non-existent hosts. The problem is that each one of those pings generates an arp request and with such a high number of pings MAX TNT boxes can't handle the high number of arp request and lock up or reboot
The ping has a specific signature, 92byes all AA as the content, that you can create a policy map for
Cisco has an article on how to block Nachi ICMP traffic on your inbound router interface http://www.cisco.com/warp/public/707/cisco-sn-20030820-nachi.shtml
Hope that helps
Thanks,
Tony B, CCNA, Network+
Systems Administration
GO Concepts, Inc. / www.go-concepts.com
Are you on the GO yet?
What about those you know, are they on the GO?
513.934.2800
1.888.ON.GO.YET
-----Original Message-----
From: Sean Watkins (northrock) [mailto:sean at northrock.bm]
Sent: Friday, August 22, 2003 11:41 AM
To: radiator at open.com.au
Subject: (RADIATOR) MAx TNT & MSBlast
Hi,
I know this isn't the place, but any MAX TNT users out there seeing weird card failures begining with the onslaught of MSBlast? I saw a news.com article about it... however I can't find any more info. Anyone know of any active ascend / lucent tnt mailing lists?
Sean
Article Text:
In addition, network administrators reported on a newsgroup that telecommunications equipment maker Lucent Technologies' TNT MAX network gateway crashed due to some interaction with traffic created by the MSBlast worms. A representative for the company confirmed that Lucent was investigating the issue, but couldn't supply details.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
-------------------------------------------------------------
This email and the files transmitted with it are confidential
and intended solely for the use of the individual or entity to
which they are addressed. If you have received this email in
error, please notify the sender.
This footnote also confirms that this email message
and attachments have been scanned for the presence
of computer viruses.
-------------------------------------------------------------
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list