Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Code Red

  • From: lucifer
  • Date: Thu Jul 19 23:15:58 2001

Jeff Ogden wrote:
> 
> Here at Merit we are seeing large numbers of Code Red infected hosts. 
> These hosts may be on our regional network MichNet or they may be 
> elsewhere out on the greater Internet. It is the port scanning of 
> random IP address that causes problems, because the scanning in turn 
> is causing network problems due to heavy ARP loads when the local 
> site routers ARP for what turn out to be unused IP addresses.  This 
> is an issue when there are large blocks of IP addresses behind a 
> router. It is less of a problem when there is a relatively small 
> number of IP addresses behind a router (say one class C worth). Are 
> others seeing these sorts of problems?  What strategies are there for 
> dealing with this?

Reports from our monitoring systems saw the CPU usage jump by somewhere
between 150-200% for our core routers today; our current theory is that
much of this was caused by excessively short and rapid flows from the
probing, causing a lot of new paths to be learned (and rapidly discarded),
rather than being able to just switch it through.
-- 
***************************************************************************
Joel Baker                           System Administrator - lightbearer.com
lucifer@lightbearer.com              http://www.lightbearer.com/~lucifer




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.