[74165] in North American Network Operators' Group
Re: Excessive Internet Traffic
daemon@ATHENA.MIT.EDU (=?iso-8859-1?q?Joe=20Shen?=)
Wed Sep 15 20:48:48 2004
Date: Thu, 16 Sep 2004 08:47:31 +0800 (CST)
From: =?iso-8859-1?q?Joe=20Shen?= <joe_hznm@yahoo.com.sg>
To: Robert Scott <robert@mail.ucf.edu>, nanog@merit.edu
In-Reply-To: <s1482e6a.068@mail.ucf.edu>
Errors-To: owner-nanog-outgoing@merit.edu
Is that a variant of Nachi B. ? The source address may
be generated.
joe
--- Robert Scott <robert@mail.ucf.edu> wrote:
>
> The University of Central Florida has seen a sudden
> jump in tcp 445
> denies. It began a little after 9:00 AM EDST. New
> Worm?
>
> I am denying about 32 thousand packets per second.
> IP Cache flow show
> them well spread over a wide range of addresses,
> targeted at what
> apeears to be a random sample of my class B. The ACL
> on our border
> router is taking 21 million denies every 10 minutes.
>
>
> 60 deny tcp any any eq 445 (346740094 matches)
>
> The packets are small, since I am seeing a large
> nuber of packets, but
> the bit count is low.
> 30 second input rate 72679000 bits/sec, 41033
> packets/sec
> 30 second output rate 29208000 bits/sec, 7687
> packets/sec
> Input bits per second are a little above normal,
> but the packet count
> would normally be under 10000 not 41000.
>
> Ideas?
>
> TIA
>
> AppleBees says "No Anheuser"
> Robert Scott says "NO APPLEBEES!"
> Join The Boycott!
>
> Robert D. Scott
> Associate Director
> Computer Services and Telecommunications
> Network Operations
> University of Central Florida
> Robert@mail.ucf.edu
> CSB-310
> 407-823-0662 Voice
> 407-823-5476 FAX
> 345-0662 Sun-Com
> 877-549-5390 Pager
>
>
__________________________________________________
Do You Yahoo!?
Download the latest ringtones, games, and more!
http://sg.mobile.yahoo.com
