Security Basics mailing list archives
RE: weird
From: "MARTIN M. Bénoni" <benoni_martin () hotmail com>
Date: Wed, 25 Feb 2004 08:26:30 +0000
Hi! Which protocol do you use for your routers' talks? RIP-2? OSPF? ...? The only idea I have got is a loop when calculating the new best route... but happening twice...?? Misconfiguration of the protocol? Wrong metric?
Compare with Ntop whether there has been a huge amount of RIP/OSPF/... requests when the trouble occurred... If yes, maybe that will be the reason. If no... hope someone will have a better idea!
From: jeff.frost () us army mil
To: kenzo_chin () hotmail com, security-basics () securityfocus com
Subject: RE: weird
Date: Tue, 24 Feb 2004 13:03:46 +0100

Kenzo,

I have seen instances similar to this when a physical loop is created on the network. However, since this is normally done by accident it can take some time to find the problem and resolve it (it will not resolve itself). Since this problem seems intermittent, it is more likely that you are seeing a broadcast storm from a malfunctioning NIC, etc... It is also unlikely that you will get the information to track down the problem from ntop. You need a network monitoring tool to capture this data.

Hope this helps...

-----Original Message-----
From: kenzo [mailto:kenzo_chin () hotmail com]
Sent: Friday, February 20, 2004 3:15 AM
To: security-basics () securityfocus com
Subject: weird

This weird thing happened at work. Everything was fine, then all of a sudden the whole network freezes. All the switches and hub lights are blinking like there's no tomorrow. So much traffic going on I can't even ping the computer across from me on the same switch. Then it stops and everything is back to normal. That happened twice.

I use Ntop to watch for protocol usage to find infected computers (when that happens) and people using other protocols that they're not supposed to. When this happens the box crashes. I tried using ethereal to see if I saw anything but of course it doesn't happen when I'm ready for it. I looked through the traffic that I gathered from ethereal but none seem to really stick out.

I'm not an expert, so the only thing that I know that will do the same thing is flooding the network with random MAC addresses. Or maybe a major ARP flooding or something. I haven't tried the ARP flooding, but I know that the MAC flooding does the same thing.

What could it be? Did someone flood the network on purpose? If so, how do I track it?

Or could it be that a bad NIC or device on the network just went crazy for a while. (That's what my boss seems to think.) Even then, how do I track it?

Thanks.
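An added example, not part of the original thread: one way to go through captured traffic after such an event and separate a single chattering NIC (one source sending most of the broadcasts) from a burst of never-before-seen source MACs. The one-frame-per-line `epoch_seconds src_mac dst_mac` export format, the function names and the small thresholds are assumptions chosen for the constructed sample; real limits have to come from a baseline of the network.

```python
from collections import Counter, defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"

def parse(line):
    """Split one 'epoch_seconds src_mac dst_mac' record (assumed export format)."""
    ts, src, dst = line.split()
    return float(ts), src.lower(), dst.lower()

def find_storms(lines, window=1.0, bcast_limit=5, new_mac_limit=5):
    """Return (window_start, kind, source_mac, count) for each window over a limit.

    bcast_limit   -- broadcast frames per window from a single source MAC
    new_mac_limit -- source MACs seen for the first time in that window
    """
    bcast = defaultdict(Counter)   # window index -> broadcast frames per sender
    new_macs = Counter()           # window index -> first-seen source MACs
    seen = set()
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue               # skip blanks and comment lines
        ts, src, dst = parse(line)
        w = int(ts // window)
        if src not in seen:
            seen.add(src)
            new_macs[w] += 1
        if dst == BROADCAST:
            bcast[w][src] += 1
    findings = []
    for w in sorted(set(bcast) | set(new_macs)):
        talker, count = (bcast[w].most_common(1) or [(None, 0)])[0]
        if count > bcast_limit:
            findings.append((w * window, "broadcast-storm", talker, count))
        if new_macs[w] > new_mac_limit:
            findings.append((w * window, "mac-churn", None, new_macs[w]))
    return findings

# Constructed sample: a quiet second, a second where one NIC broadcasts
# eight times, then a second with seven previously unseen source MACs.
SAMPLE = (
    ["0.10 00:aa:00:00:00:01 ff:ff:ff:ff:ff:ff",
     "0.40 00:aa:00:00:00:02 00:aa:00:00:00:01",
     "0.70 00:aa:00:00:00:03 00:aa:00:00:00:02"]
    + [f"1.{i}0 00:aa:00:00:00:03 ff:ff:ff:ff:ff:ff" for i in range(8)]
    + [f"2.{i}0 02:00:00:00:00:{i:02x} 00:aa:00:00:00:01" for i in range(7)]
)

if __name__ == "__main__":
    for finding in find_storms(SAMPLE):
        print(finding)
```

A "broadcast-storm" finding names the MAC to look up in the switch's address table to find the port; "mac-churn" only says that many new source addresses appeared at once, so the port has to be found from the switch side.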