Hi Laura, It seems unlikely that this problem is based on any type of an attack. It seems more reasonable to assume that something in the transfer path is either failing or is misconfigured. Keep in mind that the FTP protocol is designed to move "stuff" from one point to another, the type of "stuff" ( text, executable, image, etc.) is irrelevant EXCEPT for the FTP switch for text vs. binary transfers. I'll assume you are you using the BINARY switch?
First possibility - The FTP server or configuration. Is there enough room on the server to receive the file? Is the FTP server configured to limit the size of incoming files? The type of incoming file? Second possibility - The transfer path. Is there something in the path such as anti-virus software, content filters (MIMESweeper), etc. that might be blocking or limited the transfer? Third possibility - The transfer protocol. FTP, TCP and IP all have error, retry and timing thresholds. If one of the devices in the path (for example the T1 service module) is defective and cause a high number of errors, dropped packets or long delays, the protocols will eventually give up. Sometimes differences in the protocol parameters between the server and client make these kinds of failures less obvious. For example, the server may give up after 20 packet errors but the client may not time out for 2 or 3 minutes because it is waiting from 21 errors. Based on the symptoms and the fact that the T1 circuit was disable by a lighting strike, I think I'd start with protocol problems. Check the error stats on the CSU/DSU, the router, the server and the client. A T1 if a duplex circuit, problem that only affect the transmit or receive side can really raise havoc with the upper level protocols. Hope this help you find the problem. -- Bill Stackpole, CISSP ----- Original Message ----- From: "Laura Folden" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, December 12, 2001 6:12 AM Subject: Router problem? > About two weeks ago, our Video department started having trouble FTP'ing movie and flash files to the website (offsite). At around that time we had a lightning strike that took out our T1 card, but this was replaced quickly. We have a failover ISDN, but we cannot upload the files through that. This is definitely not a firewall problem. > > It only happens to those type of files. It only seems dependent on size when it is the movie files; flash files, regardless of size, won't upload at all. The transfer for movie files stalls at about 50%. There is no filtering and we have had our T1 and router tested. The same files, zipped, run through just fine. When we remove the *.rm and *.fla extensions, they still stall at the same place. > > Our traffic runs at about 30% of the full T UNTIL we start to upload these types of files. Suddenly we run at 100% incoming--not outgoing--traffic. > > Sending the files from another location, or to another location, does not help. Trying it from different computers, using different FTP programs, does not help. > > Can this be a DOS attack? Has anyone experienced this? > > Thanks! > Laura Folden > > _______________________________________________ > Firewalls mailing list > [EMAIL PROTECTED] > http://lists.gnac.net/mailman/listinfo/firewalls _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
