On 12 Dec 2001, at 9:12, Laura Folden wrote: > About two weeks ago, our Video department started having trouble > FTP'ing movie and flash files to the website (offsite). At around > that time we had a lightning strike that took out our T1 card, but > this was replaced quickly. We have a failover ISDN, but we cannot > upload the files through that. This is definitely not a firewall > problem. > > It only happens to those type of files. It only seems dependent on > size when it is the movie files; flash files, regardless of size, > won't upload at all. The transfer for movie files stalls at about > 50%. There is no filtering and we have had our T1 and router > tested. The same files, zipped, run through just fine. When we > remove the *.rm and *.fla extensions, they still stall at the same > place. > > Our traffic runs at about 30% of the full T UNTIL we start to > upload these types of files. Suddenly we run at 100% incoming--not > outgoing--traffic. > > Sending the files from another location, or to another location, > does not help. Trying it from different computers, using > different FTP programs, does not help. > > Can this be a DOS attack? Has anyone experienced this? > > Thanks! > Laura Folden
I've seen FTP of large files fail when the source said "don't fragment" and was sending packets too big for the MTU of some link in the path, but the fact that compressed versions get through sounds like that's not what happens here. There has recently been an issue with 64Kbps Frame Relay services, where certain bit sequences can throw equipment into a loopback mode (which is kinda what 100% inbound sounds like), but I have not heard of this showing up on full T1s. Still, the fact that compressed versions get through and uncompressed don't *does* suggest that it is somehow the content of the files that is triggering the problem. Perhaps *your* T1 card wasn't the only device damaged by the lightening -- maybe there's a more subtle problem at the other end of the line? It would be really nice to put a tap in the line and capture some of the traffic when this happens. You may not have the equipment around to do that, but maybe your website host does.... DG _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
