Not Code Red, was Re: [NCLUG] error message
John L. Bass
jbass at dmsd.com
Tue Aug 7 15:00:41 MDT 2001
Me too, although I ran tcpdump and found the problem seemed to be a ton of
arp packets... I don't know if that's increased from Code Red attacks, some
other attack, or stupid network admins (Yay Charter!!)
The ARP's are a secondary problem from random IP probes and the size of the local
subnet. Arp will send several queries out for every probe - which are almost certain
to not be answered.
Might suggest they either filter for non-existant address blocks on the network, or
cut the size of the subnets.
John
More information about the NCLUG
mailing list