Thanks. After two hours of troubleshooting everthing
imaginable, it came down to being the Nimda virus.
Strangly, it wasn't the IIS servers that were affected
(they are all patched, etc), but the massive amount of
traffic caused by Nimda was overloading Apache on the
Linux servers. Fixed it by a combination of denying
traffic at the router from specific blocks of
offenders, and IPchains rules on the Linux servers. I
have been doing this for a couple of years, and Nimda
is the worst thing we have seen here.
--- "Jay D. Dyson" <[EMAIL PROTECTED]> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>
> On Tue, 18 Sep 2001, Michael Wilcox wrote:
>
> > Have a problem on the network where suddenly, a
> large number of
> > production servers are not resolving for port 80
> (http) traffic. OS is
> > RedHat Linux, mix of kernels (2.2.14, and 2.4).
> Using Bay Network
> > switches. Anyone know of any new exploits that
> would cause this? mail,
> > ftp, etc works. It's just that port 80 isn't
> resolving. I'm baffled.
>
> It'd help if you mentioned what network you were
> on. If you were
> a Concentric/XO customer, you can thank their
> network department for that.
> Yesterday they blocked all inbound and outbound
> traffic on port 80.
>
> Of course, this was after I'd spent the last six
> weeks warning
> them about the Code Red infestation on their
> networks. They didn't do a
> thing about it until Nimda lowered the boom.
>
> I don't know if they cleaned up their act or not.
> I ended up
> firewalling all traffic from their networks. And I
> don't give a damn who
> it affects. I'm sick of their stupidity.
>
> - -Jay
>
> ( (
> _______
> )) )) .-"There's always time for a good cup of
> coffee."-. >====<--.
> C|~~|C|~~| (>------ Jay D. Dyson -
> [EMAIL PROTECTED] ------<) | = |-'
> `--' `--' `--------------- rm -rf /bin/laden
> ---------------' `------'
>
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2
> Comment: See http://www.treachery.net/~jdyson/ for
> current keys.
>
>
iQCVAwUBO6lfCrlDRyqRQ2a9AQFLGQP/QrDKdsAy2SP0n82HLHjPPVYiB0jaZtzo
>
Kns44BKABOU2+neKVCRjfl19nlCJ5WNBlbNmfBeD6nqshy8Gu9xcEarZdPyjGKPy
>
FhRwiiiayFDjkyvp7ZtrBGbrsjdwcBzNeQJRpjqSoUs6G0FGgjOkVBOVe4ShLGIf
> g1pP/e9KDUg=
> =pXL9
> -----END PGP SIGNATURE-----
>
__________________________________________________
Terrorist Attacks on U.S. - How can you help?
Donate cash, emergency relief information
http://dailynews.yahoo.com/fc/US/Emergency_Information/
