Some things that are worth looking at if you are running Cisco's (I believe the original poster was):

http://www.cisco.com/warp/public/63/ts_codred_worm.html

Regards,
Kevin
mike harrison <meuon@highertech.net> wrote:
Blaz Zupan <blaz@amis.net> wrote:
For the last few days, our network seems to be basically unreachable from the outside. Most incoming TCP sessions (web requests, incoming mail, telnet sessions, etc.) often fail with a simple "Connection refused" like nobody is
Your routers are brain dead from the load.. routers that are used to handling a few thousand connections are being asked to handle tens of thousands. 1 good 1000+ address scan from an ISDN user kills my Lucent/Ascend TNT unless we filter for it.
I've been told (but not given permission to forward details of who/how/what) that some major sites with a single router and relatively flat network topology are dying due to the ARP request flood that is being generated by Code Red scans on the inside of their border router choking the router. Check the rate of ARP requests coming off your border router and see if it seems excessive; if so, that may be it.
-george william herbert gherbert@retro.com
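
One way to run the ARP-rate check suggested in the last message, as an added example that is not from any poster in the thread: it reads the text output of `tcpdump -n -tt arp` taken on the inside segment and reports, per requesting address, the peak ARP requests per second and how many distinct addresses were asked for. The sample capture and the threshold of 25 per second are constructed assumptions; the thread gives no figure for "excessive".

```python
import re
from collections import Counter, defaultdict

# Matches ARP request lines as printed by `tcpdump -n -tt arp` (epoch timestamps).
ARP_REQ = re.compile(
    r"^(\d+)\.\d+ ARP, Request who-has (\S+)(?: \(\S+\))? tell (\S+), length")

def arp_request_rates(lines):
    """Return {asker: {peak_per_sec, total, distinct_targets}} for ARP requests."""
    per_sec = defaultdict(Counter)   # asker -> {epoch second: request count}
    targets = defaultdict(set)       # asker -> addresses it asked for
    for line in lines:
        m = ARP_REQ.match(line.strip())
        if not m:
            continue                 # replies and non-ARP lines are ignored
        sec, target, asker = int(m.group(1)), m.group(2), m.group(3)
        per_sec[asker][sec] += 1
        targets[asker].add(target)
    return {
        asker: {
            "peak_per_sec": max(counts.values()),
            "total": sum(counts.values()),
            "distinct_targets": len(targets[asker]),
        }
        for asker, counts in per_sec.items()
    }

def excessive(stats, peak_threshold):
    """Askers whose peak rate meets the threshold (threshold is site-specific)."""
    return sorted(a for a, s in stats.items() if s["peak_per_sec"] >= peak_threshold)

# Constructed sample: a router at 192.0.2.1 resolving many addresses behind it,
# plus one ordinary host asking for its gateway and the gateway's reply.
SAMPLE = (
    [f"996710400.{i:06d} ARP, Request who-has 192.0.2.{i + 20} tell 192.0.2.1, length 28"
     for i in range(40)]
    + [f"996710401.{i:06d} ARP, Request who-has 192.0.2.{i + 60} tell 192.0.2.1, length 28"
       for i in range(30)]
    + ["996710401.500000 ARP, Request who-has 192.0.2.1 tell 192.0.2.10, length 28",
       "996710401.500300 ARP, Reply 192.0.2.1 is-at 00:00:5e:00:53:01, length 28"]
)

if __name__ == "__main__":
    stats = arp_request_rates(SAMPLE)
    for asker in excessive(stats, peak_threshold=25):
        print(asker, stats[asker])
```

A high peak rate from the router's own address combined with a large count of distinct targets is the pattern to look for; compare it against a capture taken when the network is behaving normally.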