wg-multicast - RE: [NOC] Re: msdp weather
Subject: All things related to multicast
List archive
- From:
- To: John Barlow <>
- Cc: Bill Owens <>, Marshall Eubanks <>, <>, <>
- Subject: RE: [NOC] Re: msdp weather
- Date: Mon, 29 Dec 2003 19:41:16 -0800 (PST)
I think it would be helpful to know if this was a compromised machine,
and if the suspect code was a previously known classD address scanner - or
something entirely new.
Thanks,
Greg
On Tue, 30 Dec 2003, John Barlow wrote:
>
>
> Bill Owens writes:
> > On Fri, Dec 19, 2003 at 04:40:59PM -0500, Marshall Eubanks wrote:
> > > Still pretty much continual msdp storms from Australia :
> > >
> > > Thu Dec 18 18:12:40 2003 MSDP_Unique_Entries 9612
> > > Fri Dec 19 00:12:40 2003 MSDP_Unique_Entries 10038
> > > Fri Dec 19 06:12:41 2003 MSDP_Unique_Entries 9982
> > > Fri Dec 19 12:12:40 2003 MSDP_Unique_Entries 10356
> >
> > Just curious, this has obviously been stopped in the last 10
> > days but I never heard what the cause was. Was there a report
> > from the site?
>
> No analysis as such.
>
> The host causing the problems is in the University of Queensland. The
> host was not "owned" by the central networking group, so they simply
> added an access-list to block all packets from the host, and last we
> heard they were going to chase down the hosts owners to see how it had
> been compromised (at this stage we assume it was compromised in some
> way).
>
> Do you want a report chased down ?
>
>
> John Barlow
>
>
- RE: [NOC] Re: msdp weather, John Barlow, 12/29/2003
- RE: [NOC] Re: msdp weather, shep, 12/29/2003
Archive powered by MHonArc 2.6.16.