RE: weird

From: Chris McClincy (chris_at_mcclincy.com)
Date: 02/21/04

    To: <security-basics@securityfocus.com>
    Date: Fri, 20 Feb 2004 16:40:32 -0800
    
    


    If you are running STP within your network there could be a
    convergence happening (the symptoms are similar). This is typically
    caused by a bridging loop or if you have a connection flapping
    between your switches.

    -----Original Message-----
    From: kenzo [mailto:kenzo_chin@hotmail.com]
    Sent: Thursday, February 19, 2004 6:15 PM
    To: security-basics@securityfocus.com
    Subject: weird

    This weird thing happened at work.
    Everything was fine, then all of a sudden the whole network freezes.
    All the switches and hub lights are blinking like there's no tomorrow.
    So much traffic going on I can't even ping the computer across from me on
    the same switch. Then it stops and everything is back to normal. That
    happened twice. I use Ntop to watch for protocol usage to find
    infected computers (when that happens) and people using other
    protocols that they're not supposed to.
    When this happens the box crashes. I tried using Ethereal to see if
    I saw anything but of course it doesn't happen when I'm ready for it.
    I looked through the traffic that I gathered from Ethereal but none seem
    to really stick out. I'm not an expert, so the only thing that I know
    that will do the same thing is flooding the network with random MAC
    addresses. Or maybe a major ARP flooding or something. I haven't
    tried the ARP flooding, but I know that the MAC flooding does the
    same thing.

    What could it be? Did someone flood the network on purpose? If so,
    how do I track it? Or could it be that a bad NIC or device on the
    network just went crazy for a while? (That's what my boss seems to
    think.) Even then, how do I track it?

    Thanks.
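
One way to triage a capture taken during such a freeze, separating the STP reconvergence suggested in the reply from the MAC-flooding and misbehaving-NIC explanations raised in the question. This is an added example, not part of the original thread; the record format, thresholds, function names and sample frames are constructed assumptions.

```python
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"
STP_GROUP = "01:80:c2:00:00:00"  # destination MAC used by 802.1D BPDUs

def classify_windows(frames, bcast_limit=20, new_mac_limit=10):
    """frames: (time_s, src_mac, dst_mac, bpdu) tuples; bpdu is "tcn",
    "config" or None (assumed already decoded by the capture export).
    Returns {second: [findings]} for one-second windows worth a look."""
    windows = defaultdict(list)
    for t, src, dst, bpdu in frames:
        windows[int(t)].append((src.lower(), dst.lower(), bpdu))
    seen, report = set(), {}
    for sec in sorted(windows):
        recs = windows[sec]
        srcs = {s for s, _, _ in recs}
        new = srcs - seen          # source MACs never seen in earlier windows
        seen |= srcs
        tcn = sum(1 for _, d, b in recs if d == STP_GROUP and b == "tcn")
        bcast = [s for s, d, _ in recs if d == BROADCAST]
        findings = []
        if tcn:                    # switches announcing a topology change
            findings.append(f"stp-topology-change x{tcn}")
        if len(new) >= new_mac_limit:   # burst of unknown sources
            findings.append(f"mac-flood-suspect new_src={len(new)}")
        if len(bcast) >= bcast_limit:
            top = max(set(bcast), key=bcast.count)
            one = bcast.count(top) / len(bcast) >= 0.8
            kind = "single-talker" if one else "storm-or-loop"
            findings.append(f"broadcast-{kind} top={top}")
        if findings:
            report[sec] = findings
    return report

def sample_capture():
    """Constructed frames: quiet second, TCN, chatty NIC, MAC burst."""
    f = [(0.1, "00:11:22:00:00:01", "00:11:22:00:00:02", None),
         (0.5, "00:11:22:00:00:02", BROADCAST, None),
         (1.2, "00:aa:bb:00:00:01", STP_GROUP, "tcn")]
    f += [(2 + i / 100, "00:11:22:00:00:09", BROADCAST, None)
          for i in range(30)]
    f += [(3 + i / 100, f"02:00:00:00:00:{i:02x}", "00:11:22:00:00:01", None)
          for i in range(25)]
    return f

if __name__ == "__main__":
    for sec, findings in classify_windows(sample_capture()).items():
        print(sec, findings)
```

The first window seeds the set of known source MACs, so the capture should start before the event, or `new_mac_limit` should be raised for a busy segment.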
