beta.13 (and beta.12) insect
Russell Fulton
r.fulton at auckland.ac.nz
Mon Aug 25 16:24:32 EDT 2003
On Tue, 2003-08-26 at 04:24, Neil Long wrote:
> You need to filter them on your routers (or firewall) - they are icmp type
> echo and size 92 but the precise incantation depends on your routers.
We have blocked pings at both ends of our DMZ, not so much to protect
argus (which is struggling) but to protect an old CISCO 4000 which is
the border between our main network and the DMZ. The 4000 is connected
to two 6509 in the main network and we are filtering there. Time to
replace the 4000 me thinks!
Welchia finally made it onto our internal network yesterday and even
though we only had about half a dozen infections it was enough to kill
the 4000:
http://kaka.itss.auckland.ac.nz:888/cgi-bin/plot-index?period=day-2003.08.25
BTW the plots are done with NeTraMet not argus. Oh yes, the scales are
in Kbps not Mbps!
--
Russell Fulton, Network Security Officer, The University of Auckland,
New Zealand.
More information about the argus
mailing list