[55065] in North American Network Operators' Group
Re: Level3 routing issues?
daemon@ATHENA.MIT.EDU (william@elan.net)
Sat Jan 25 05:33:12 2003
Date: Fri, 24 Jan 2003 22:38:31 -0800 (PST)
From: william@elan.net
To: nanog@merit.edu
In-Reply-To: <Pine.LNX.4.53.0301242317580.6183@af1.ncyngsbez.pbz>
Errors-To: owner-nanog-outgoing@merit.edu

Really, really bad - most traffic I see is from this virus/dos:

Extended IP access list 152
    deny udp any any eq 1434 (5639464 matches) - 94%
    permit ip any any (311888 matches) - 6%

Wow!!!

On Fri, 24 Jan 2003 michael@aplatform.com wrote:
>
>
> Really bad. Quick capture of filter drops:
>
> PROTO 17 (UDP) pkt from (IPs from all over the world)/1033 to (All my IP
> space)/1434 dropped
>
> On Sat, 25 Jan 2003, hc wrote:
>
> >
> > Okay this is getting bad.. one of our routers just locked up from udp
> > 1434's. Can't even telnet to it now.
> >
> > -hc
> >
> > Joel Perez wrote:
> >
> > >My firewalls are going nuts with hits on UDP port 1434 also from
> > >everywhere!
> > >
> > > -----Original Message-----
> > > From: Aaron Burnett [mailto:listkeep@yet-another.com]
> > > Sent: Sat 1/25/2003 1:19 AM
> > > To: Alex Rubenstein
> > > Cc: hc; nanog@merit.edu
> > > Subject: Re: Level3 routing issues?
> > >
> > >
> > >
> > >
> > >
> > > On Sat, 25 Jan 2003, Alex Rubenstein wrote:
> > >
> > > >
> > > >
> > > > I dunno about that. But, I am seeing, in the last couple hours, all kinds
> > > > of new traffic.
> > > >
> > > > like, customers who never get attacked or anything, all of a sudden:
> > > >
> > > > http://mrtg.nac.net/switch9.oct.nac.net/3865/switch9.oct.nac.net-3865.html
> > > >
> > > > We are seeing this on ports all across our network -- nearly 1/2 our ports
> > > > are in delta alarm right now.
> > > >
> > > > Anyone else?
> > > >
> > >
> > > Yep. Since about 12:30 am. Getting pounded on UDP port 1434 from all over
> > > the world to any address on my network.
> > >
> > >
> > >
> > >
> > >
> >
> >