While trying to modify the ACLs, I had to disable two trunks into that
switch.  I could telnet into the supervisor no problem.  When I tried
"sess 4" or "sess 7" I would get a timeout.

I read reports of routers hanging under the load.  This is what I think
happened to BofA.  The routers probably couldn't handle the load of all
that traffic.  Maybe some hung and required manual intervention.  IMHO,
SQL wasn't their problem.  High traffic levels were.  I know I couldn't
connect to my VPN and it took several tries with SSH to get into one of
my Unix machines.

How would I handle this type of problem in the future?  Good question
to which I'm not sure I have a good answer.  We are replacing our core
5500's with 6500's.  Our backbones from 100FX to GigE.  Our Internet
connection from OC-3 to GigE.  Maybe the additional horsepower will
help.  Maybe it will hammer the servers so hard they crash and I can't
do anything.  In a way, I was taking a small risk with putting in
firewall rules and ACLs to block this traffic.  I'm working with people
on campus to add firewall rules, but I may not do it without their
permission.  That and people are free to put anything they want on the
network.

If this were a corporate network and not an education network, I would
convince the CIO/CTO/CEO that we need to tighten security.  Here, I have
to convince the technicians in each college and division that security
is good.

What would happen if this worm was a TCP port 80, TCP port 53 or UDP
port 53 worm?

Ken

>>> "Amazing"  01/26/03 06:15PM >>>
what's amazing are the assumptions that people are making--who says that
BoA servers or any BoA database were compromised?  who says they are even
running MS-SQL?  Read how the worm is spreading and you will understand
that you don't have to be running anything that can be affected by the
worm.
my guess is that a company with LARGE blocks of routable addresses and
probably very high speed connections to the Internet might have bigger
problems with this worm which in effect becomes a denial of service
attack on their edge devices even if they are filtering out udp 1494 at
the edge.

take a look at the post by Ken and observe what is happening to the CPU
of one of his router blades.....

i definitely agree with your comment about the security con artist
comparison to the y2k consultants

[snip]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=61938&t=61891