RE: weird

["MARTIN M. Bénoni" <benoni_martin () hotmail com>]

Hi!

Which protocol do you use for your routers talks? RIP-2? OSPF? ...? The only 
idea I have got is a loop when calculating the new best route...but 
happening twice...?? Misconfiguration of the protocol? Wrong metric?

Compare with Ntop if there has been an huge amount of RIP/OSPF/... requests 
when the trouble occured... If yes, maybe that will be the reason. If 
no...hope someone will have a better idea!


> From: jeff.frost () us army mil
> To: kenzo_chin () hotmail com, security-basics () securityfocus com
> Subject: RE: weird
> Date: Tue, 24 Feb 2004 13:03:46 +0100
>
> Kenzo,
>
> I have seen instances similar to this when a physical loop is created on 
> the
> network.  However, since this is normally done on accident it can take some
> time to find the problem and resolve it (it will not resolve itself).  
> Since
> this problem seems intermittent, it is more likely that you are seeing a
> broadcast storm from a malfunctioning nic, etc...  It is also unlikely that
> you will get the information to track down the problem from ntop.  You need
> a network monitoring tool to capture this data.
>
> Hope this helps...
>
>
> -----Original Message-----
> From: kenzo [mailto:kenzo_chin () hotmail com]
> Sent: Friday, February 20, 2004 3:15 AM
> To: security-basics () securityfocus com
> Subject: weird
>
> This weird thing happened at work.
> Everything was fine, then all of sudden the whole network freezes.
> All the swicthes and hub lights are blinking like there's no tomorow.
> So much traffic going on I can't even ping the computer accross me on the
> same switch.
> Then it stops and everything is back to normal. That happened twice.
> I use Ntop to watch for protocol usage to find infected computers(when that
> happens) and people using other protocols that the're not suppose to.  When
> this happens the box crashes.
> I tried using ethereal to see if I saw anything but of course it doesn't
> happen when I'm ready for it.
> I looked thru the traffic that I gathered from ethereal but none seem to
> really stick out.
> I'm not an expert, so the only thing that I know that will do the same 
> thing
> is flooding the network with ramdom MAC addresses. Or maybe a major arp
> flooding or something.
> I haven't tried the arp flooding, but I know that the Mac flooding does the
> same thing.
>
> What could it be?  Did someone flood the network on purpose? If so, how do 
> I
> track it?
> Or could it be that a bad Nic or device on the network just went crazy for 
> a
> while. (That's what my boss seems to think.) Even then, how do I track it?
>
> Thanks.
>
>
> ---------------------------------------------------------------------------
> Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection
>
> Protect your network with the comprehensive security solution that
> integrates six applications for ease of use and lower TCO.
>
> Firewall - Virus protection - Spam protection - URL blocking - VPN
> - Wireless security.
>
> Download 30-day evaluation at:
> http://www.securityfocus.com/sponsor/Astaro_security-basics_040219
> ----------------------------------------------------------------------------
>
> ---------------------------------------------------------------------------
> Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection
>
> Protect your network with the comprehensive security solution that
> integrates six applications for ease of use and lower TCO.
>
> Firewall - Virus protection - Spam protection - URL blocking - VPN
> - Wireless security.
>
> Download 30-day evaluation at:
> http://www.securityfocus.com/sponsor/Astaro_security-basics_040219
> ----------------------------------------------------------------------------

_________________________________________________________________
MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*. 
http://join.msn.com/?page=features/virus


---------------------------------------------------------------------------
----------------------------------------------------------------------------