wg-multicast - Re: MSDP storm
Subject: All things related to multicast
List archive
- From: "Pedro M. Ruiz" <>
- To:
- Cc:
- Subject: Re: MSDP storm
- Date: Thu, 01 Feb 2001 16:50:56 +0100
Hello all,
I'm sorry very much for the MSDP storm from 157.88.142.2.
This host belongs to the University of Valladolid, which is under the
RedIRIS AS.
I've rate-limited MSDP SAs in our peering with TEN-155 according to
Hank's recommendations.
Now we're using:
rate-limit input access-group 180 8000 4470 4470 conform-action transmit
exceed-action drop
...
EB-Madrid00#sh access-lists 180
Extended IP access list 180
permit tcp any any eq 639 (26138 matches)
permit udp any any eq 639 (1527 matches)
deny ip any any (95813443 matches)
Are there better values than this 8Kb rate limits?
I've also filtered TCP packets addressed to IP multicast groups at
the access router.
Finally, I've checked that the host 157.88.142.2 is a Linux
RedHat 7.0 that has been compromised with a modified version of
RAMEN.
I've contacted my coleagues in the IRIS-CERT. They're now further
investigating this mutation and contacting the administrators of this host.
Best Regards,
______________ __ _______________________________
/_/
Pedro M. Ruiz __ __
RedIRIS/CSIC /_/ RedIRIS /_/ Tel: + 34 915855150
Serrano,142 __ Fax: + 34 915855146
E-28006 Madrid /_/
SPAIN Network Engeneer
____________ Spanish Academic & Research Network ___________________
- MSDP storm, Irene Rousohatzaki, 02/01/2001
- Re: MSDP storm, Marshall Eubanks, 02/01/2001
- <Possible follow-up(s)>
- Re: MSDP storm, Pedro M. Ruiz, 02/01/2001
Archive powered by MHonArc 2.6.16.