All things related to multicast

[Prashant Rajvaidya <>]

FYI, I have put some interesting Charts, Statistics and a Topology-Map at
the following location:
        http://www.nmsl.cs.ucsb.edu/mantra/ries/sapphire/

I hope that this page can provide some more insight.

--prashant

On Sat, 25 Jan 2003, Marshall Eubanks wrote:

> Note : I do not see any indication  of RAMEN worm type MSDP havoc - but
> I have received confirmation about the targeting of Multicast group 
> addresses.
> 
> However, one thing I do note is that the number of NLANR beacons we can 
> see has gone
> down by about 1/2. Since the beacons still seem to be there, this may 
> indicate that people are shutting down MSDP or
> that there are other problems.
> i
> Marshall
> 
> On Saturday, January 25, 2003, at 11:04  AM, Marshall Eubanks wrote:
> 
> > Some of you may have heard about the 1434 worm :
> >
> > This is a very bad attack going on today since about midnight EST last 
> > night.
> >
> > The message below indicates that the worm may be sending UDP Multicast. 
> > If so, this may cause real
> > problems with MSDP, along the lines of the Ramen worm.
> > I haven't seen anything yet, but MSDP peers should probably watch out.
> >
> > It is a worm that will
> > - attack MS SQL through port 1434 UDP
> > - generate amazing amounts of traffic outbound
> > - systematically try and find and infect other SQL machines
> >
> > If you are running MS SQL it is listening to port 1434, so you may have 
> > a problem.
> >
> > Technical details
> > http://www.nextgenss.com/advisories/mssql-udp.txt
> >
> > Marshall
> >
> > Begin forwarded message:
> >
> >> From: "Jamie - i-Dot" 
> >> <>
> >> Date: Sat Jan 25, 2003  03:57:43  AM US/Eastern
> >> To: 
> >> 
> >> Subject: [isp-webhosting] Re: root server attack
> >> Reply-To: 
> >> 
> >>
> >> Noticing the same here,
> >>
> >> Some customers seem to be infected / sending out UDP packets to
> >> multicast addresses,
> >>
> >> Tracked it down to SQL server agent on a few boxes...
> >>
> >> Strangely enough, LINX doesn't seem to be showing any excess traffic at
> >> all.
> >>
> >> -----Original Message-----
> >> From: Metanet Help Desk 
> >> [mailto:]
> >> Sent: 25 January 2003 07:55
> >> To: 
> >> 
> >>
> >> We are seeing the signs of a wide-scale attack against root servers on
> >> the internet. This is directed at the internet in general and the
> >> affects are being felt wide-spread.  Every other provider we have been
> >> in contact with is aware of this.  You may experience intermittent
> >> connectivity issues while these are happening and the connectivity
> >> issues may occur more frequently if these attacks are not stopped
> >> quickly.
> >>
> >>
> >> ----- Original Message -----
> >> From: "Gary Carr" 
> >> <>
> >> To: 
> >> <>
> >> Sent: Saturday, January 25, 2003 2:08 AM
> >> Subject: [isp-webhosting] Re: Win FTP Servers
> >>
> >>
> >> Anyone have a clue what the major attack going on this am is? All of 
> >> our
> >> upstreams over having network-wide problems.
> >>
> >>
> >>
> >> Gary
> >>
> >>
> >>
> >>> At 1/22/2003, you wrote:
> >>>> I'm investigating for an Windows-based FTP server. Security and
> >>>> ease-of-use are my basic concerns. I don't care much about bells and
> >> whistles.
> >>>>
> >>>> Any suggestions?
> >>>
> >>> http://www.wftpd.com/
> >>>
> >>> WFTPD is very easy to setup and maintain.  I've been very happy with
> >>> it.  And it's cheap.
> >>>
> >>> --Dave
> >>>
> >>>
> >>> __________   The ISP-WEBHOSTING Discussion List   __________
> >>> To Join: 
> >>> mailto:
> >>> To Remove: 
> >>> mailto:
> >>> Archives: http://isp-lists.isp-planet.com/isp-webhosting/archives/
> >>>
> >>
> >>
> >>
> >> __________   The ISP-WEBHOSTING Discussion List   __________
> >> To Join: 
> >> mailto:
> >> To Remove: 
> >> mailto:
> >> Archives: http://isp-lists.isp-planet.com/isp-webhosting/archives/
> >>
> >>
> >>
> >> __________   The ISP-WEBHOSTING Discussion List   __________
> >> To Join: 
> >> mailto:
> >> To Remove: 
> >> mailto:
> >> Archives: http://isp-lists.isp-planet.com/isp-webhosting/archives/
> >>
> >>
> >>
> >>
> >> __________  The ISP-WEBHOSTING Discussion List  __________
> >> To Join: 
> >> mailto:
> >> To Remove: 
> >> mailto:
> >> Archives: http://isp-lists.isp-planet.com/isp-webhosting/archives/
> >>
> >                                  Regards
> >                                  Marshall Eubanks
> >
> 
> 
> T.M. Eubanks
> Multicast Technologies, Inc.
> 10301 Democracy Lane, Suite 410
> Fairfax, Virginia 22030
> Phone : 703-293-9624       Fax     : 703-293-9609
> e-mail : 
> 
> http://www.multicasttech.com
> 
> Test your network for multicast :
> http://www.multicasttech.com/mt/
>   Status of Multicast on the Web  :
>   http://www.multicasttech.com/status/index.html
> 
>