On Thu, 11 Apr 2002 15:53:03 -0400 Valdis.Kletnieksat_private wrote: > Anybody *else* remember a certain worm randomly picking IP addresses > to attack, and causing IGMP meltdowns when it happened to pick a > 224.x.x.x address, as all the multicast-aware hosts would start asking > about the group? I remember a 2AM firestorm that took several of our > routers and part of Abeliene with it... It was the Ramen worm and it scanned random address space, including that within 224.0.0.0/4. It wasn't IGMP, but rather problems with excessive session announcement state between MSDP peers. Marshall Eubanks gave a good presentation at a recent NANOG about IP multicast issues including the impact of Ramen on the IP multicast enabled Internet. John ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Apr 11 2002 - 16:14:27 PDT