[60881] in North American Network Operators' Group
RE: AT&T Blocking ICMP (was RE: AT&T US Network Slowdown?)
daemon@ATHENA.MIT.EDU (Ingevaldson, Dan (ISS Atlanta))
Tue Aug 19 15:32:23 2003
Date: Tue, 19 Aug 2003 12:29:54 -0400
From: "Ingevaldson, Dan (ISS Atlanta)" <dsi@iss.net>
To: "Paul Jasa" <pjasa@univision.net>, <nanog@merit.edu>
Errors-To: owner-nanog-outgoing@merit.edu
The "Nachi" worm propagates via MSRPC DCOM and the IIS WebDAV bug. It
may be causing this storm because it runs 300 scanning threads, and it
pings each IP first.
http://xforce.iss.net/xforce/alerts/id/150
MS Blast wasn't multithreaded.
Regards,
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D
Daniel Ingevaldson
Engineering Manager, X-Force R&D
dsi@iss.net=20
404-236-3160
=20
Internet Security Systems, Inc.
The Power to Protect
http://www.iss.net=20
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D
-----Original Message-----
From: Paul Jasa [mailto:pjasa@univision.net]=20
Sent: Tuesday, August 19, 2003 12:19 PM
To: nanog@merit.edu
Subject: AT&T Blocking ICMP (was RE: AT&T US Network Slowdown?)
A call to AT&T Worldnet confirms that AT&T Worldnet service is blocking
ICMP in order to deal with an undefined emergency. Nothing posted on
their site, nor any other info is available. If anyone has info related
to this "icmp outage", please advise. Thanks! pj
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=20
Paul Jasa=20
Network Engineer=20
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
-----Original Message-----
From: Sean Crandall [mailto:sean@megapath.net]
Sent: Tuesday, August 19, 2003 02:12 AM
To: Paul Jasa; nanog@merit.edu
Subject: RE: AT&T US Network Slowdown?
Importance: High
>=20
> Dear Nanogers,
> Is anyone aware of a "slowdown" issue throughout the US AT&T
> network since 8/18 at around 4pm which is causing a lot of=20
> internet circuits (including DSL) to be inaccessible and/or=20
> appear down from the outside world? AT&T says this has been=20
> escalated to "Level 4" with no ETA and affecting the whole=20
> country. I am seeing this problem in the San Francisco area.=20
> Just wondering if anyone else is experiencing anything that=20
> would confirm AT&T's claim, and fishing for more info about=20
> the possible cause and ETA. Thanks!
We are currently seeing the slowdown on our network in San Jose.
Started about exactly the time frame that you mentioned. The rest of
the country
(oddly) seems unaffected by this at the moment, but San Jose is getting
hammered by something.
Still trying to sort out exactly where it is coming from.
-Sean
Sean P. Crandall
VP Engineering Operations
MegaPath Networks Inc.
Pleasanton, CA 94588
(925) 201-2530
=20
