...

Is anyone out there tracking down some weird network behavior yesterday and today? I'm not talking about ping traffic from the worm or anything like that, I'm seeing TNT MAX boxes go unpingable, arp broadcast storms, one way traffic blocks on T1's between cisco routers, stuff that I have not been able to explain yet.

I'm seeing the exact same issues with the TNTs and am in the process of trying to track down exactly what is causing it. So far no pattern has emerged.

go here http://www.cisco.com/warp/public/707/cisco-sn-20030820-nachi.shtml Implement the 92byte ping filter on all interfaces that are allowing the worm's pings thru, solved our problem perfectly. The problem is when the worm pings IP addresses that have nothing on them it creates the arp request, as the number of those requests build some devices can't handle it and it's crashing them. The TNT is one of the more braindead of those devices. I'd be interested in knowing what other devices are also failing from this. Geo.