No subject


Tue Jun 24 01:22:23 CDT 2008


Filter network traffic
  Sites are encouraged to block network access to the following relevant
  ports   at  network  borders.  This  can  minimize  the potential  of
  denial-of-service  attacks originating from outside the perimeter. The
  specific services that should be blocked include
    * 69/UDP
    * 135/TCP
    * 135/UDP
    * 139/TCP
    * 139/UDP
    * 445/TCP
    * 445/UDP
    * 4444/TCP
 



-----Original Message-----
From: Dave Birkbeck [mailto:dbirkbeck at ikano.com] 
Sent: Monday, August 25, 2003 4:28 PM
To: 'Tony Bunce'; 'Sean Watkins (northrock)'; radiator at open.com.au
Subject: RE: (RADIATOR) MAx TNT & MSBlast 


All,

In addition to having the ACL's that Cisco recommends. Has anyone come up with a Radius ascend-data-filter that will slow down the spread of these crazy viruses? Or better yet, a filter that will block ICMP.

Again, I know this is probably not the list for this discussion, but this topic is definitely for the greater good of the Internet.

That being said does anyone know of a list that discusses various NAS topics? 

Thanks,

Dave


-----Original Message-----
From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au] On Behalf Of Tony Bunce
Sent: Friday, August 22, 2003 10:38 AM
To: Sean Watkins (northrock); radiator at open.com.au
Subject: RE: (RADIATOR) MAx TNT & MSBlast 

This problem is actually caused by the "good" blaster worm nachi

Nachi pings a host before it trys to spread so it doesn't waist its time on non-existent hosts.  The problem is that each one of those pings generates an arp request and with such a high number of pings MAX TNT boxes can't handle the high number of arp request and lock up or reboot

The ping has a specific signature, 92byes all AA as the content, that you can create a policy map for

Cisco has an article on how to block Nachi ICMP traffic on your inbound router interface http://www.cisco.com/warp/public/707/cisco-sn-20030820-nachi.shtml

Hope that helps

Thanks,
Tony B, CCNA, Network+
Systems Administration
GO Concepts, Inc. / www.go-concepts.com
Are you on the GO yet?
What about those you know, are they on the GO?
513.934.2800
1.888.ON.GO.YET

-----Original Message-----
From: Sean Watkins (northrock) [mailto:sean at northrock.bm] 
Sent: Friday, August 22, 2003 11:41 AM
To: radiator at open.com.au
Subject: (RADIATOR) MAx TNT & MSBlast 

Hi,
 
I know this isn't the place, but any MAX TNT users out there seeing weird card failures begining with the onslaught of MSBlast? I saw a news.com article about it... however I can't find any more info. Anyone know of any active ascend / lucent tnt mailing lists? 
 
Sean
 
Article Text:
 
In addition, network administrators reported on a newsgroup that telecommunications equipment maker Lucent Technologies' TNT MAX network gateway crashed due to some interaction with traffic created by the MSBlast worms. A representative for the company confirmed that Lucent was investigating the issue, but couldn't supply details. 
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

-------------------------------------------------------------
This email and the files transmitted with it are confidential
and intended solely for the use of the individual or entity to 
which they are addressed. If you have received this email in
error, please notify the sender.

This footnote also confirms that this email message
and attachments have been scanned for the presence 
of computer viruses.
-------------------------------------------------------------

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list