On Mon, 23 Jul 2001, Tim Brown wrote: > Anyone have an idea on when the peak of activity for Red Worm occurred? The worm changed modes on 7/19 17:00 PDT, 7/19 20:00 EDT. It changed from spreading mode (what I would expect to cause a load balancer trouble) to attack Whitehouse mode (which shouldn't cause extra ARP entries, AFAIK.) I'm a bit puzzled why this should affect the ARP tables anyway... as those would normally only be for your LAN nodes. Unless you've got proxy ARP turned on for the entire Internent or something... which model of load balancer? Ryan > We lost a load balancer last Friday (7/20) at 1300 (EDT) due to > exceeding the max size of the arp table. Just trying to figure out if > it could be associated in any way. > ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Jul 23 2001 - 21:27:11 PDT