[39690] in North American Network Operators' Group
Re: Code Red
daemon@ATHENA.MIT.EDU (Mikael Abrahamsson)
Fri Jul 20 02:43:50 2001
Date: Fri, 20 Jul 2001 08:43:09 +0200 (CEST)
From: Mikael Abrahamsson <swmike@swm.pp.se>
To: <nanog@merit.edu>
In-Reply-To: <20010720031208.23684.qmail@prophecy.lightbearer.com>
Message-ID: <Pine.LNX.4.33.0107200840340.2352-100000@uplift.swm.pp.se>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu
On Thu, 19 Jul 2001 lucifer@lightbearer.com wrote:
> Reports from our monitoring systems saw the CPU usage jump by somewhere
> between 150-200% for our core routers today; our current theory is that
One of our downstreams with a /20 had not nullrouted their /20, so any
nets not in use bounced back to us via their default route. This caused
approx 4-8 megabit of traffic on their line due to all the scanning. After
our customer put in a null route for their /20, the traffic problem
ceased.
The ping-pong routing was causing his 2600 to use a lot of cpu. I do
expect most people to null route their nets, but if someone hasn't, this
can cause problems due to scanning.
--
Mikael Abrahamsson email: swmike@swm.pp.se
