Really, really bad - most traffic I see is from this virus/dos: Extended IP access list 152 deny udp any any eq 1434 (5639464 matches) - 94% permit ip any any (311888 matches) - 6%
Wow!!! On Fri, 24 Jan 2003 [EMAIL PROTECTED] wrote: > > > Really bad. Quick capture of filter drops: > > PROTO 17 (UDP) pkt from (IP's from all over the world)/1033 to (All my IP > space)/1434 dropped > > On Sat, 25 Jan 2003, hc wrote: > > > > > Okay this is getting bad.. one of our routers just locked up from udp > > 1434's. Can't even telnet to it now. > > > > -hc > > > > Joel Perez wrote: > > > > >My firewalls are going nuts with hits on UDP port 1434 also from > > >everywhere! > > > > > > -----Original Message----- > > > From: Aaron Burnett [mailto:[EMAIL PROTECTED]] > > > Sent: Sat 1/25/2003 1:19 AM > > > To: Alex Rubenstein > > > Cc: hc; [EMAIL PROTECTED] > > > Subject: Re: Level3 routing issues? > > > > > > > > > > > > > > > > > > On Sat, 25 Jan 2003, Alex Rubenstein wrote: > > > > > > > > > > > > > > > I dunno about that. But, I am seeing, in the last couple hours, > > >all kinds > > > > of new traffic. > > > > > > > > like, customers who never get attacked or anything, all of a > > >sudden: > > > > > > > > > > >http://mrtg.nac.net/switch9.oct.nac.net/3865/switch9.oct.nac.net-3865.html > > > > > > > > > > > > We are seeing this on ports all across out network -- nearly 1/2 > > >our ports > > > > are in delta alarm right now. > > > > > > > > Anyone else? > > > > > > > > > > Yep. Since about 12:30 am. Getting pounded on UDP port 1434 from > > >all over > > > the world to any address on my network. > > > > > > > > > > > > > > > > > > >