On Saturday 25 January 2003 11:03 pm, Jack Coates wrote: > On Sat, 2003-01-25 at 21:13, Lorne wrote: > > Hey guys here is a new one for me. Our company just got hit with the > > virus you will surely hear about on the news. > > > > One box has a weird problem now. If I send a ping from it or to it, I get > > two repsonses back!?!?!? I don't want to drive 40 minutes one way to do a > > packet trace to see what is REALLY going on, but may have to. Anybody > > hear of this and what could cause it? > > Is this using name or IP? > > try some traceroute and tcptraceroute tests and look for anomalous or > unexpected hops. My guess is that there's spoofing going on -- maybe > dsniff, maybe ettercap.
Sorry I didn't get back to you last night. I had already started the request for infrastructure to get their asses down there since it sure seemed like a switch issue. However, what threw me initially was that it was only the one server on that blade. All the others were fine. Past experience has been that they will make me "prove" it is their problem. This time I didn't get any fight. Sure enough, moved the fiber to another port and it was fine. ?? I have no idea what caused it, but as long as my server is back up, I'm happy. I had a REAL weird one about 2 months ago where a workstation could be pinged, but icmp traffic was all that would pass. If I took that workstation to another closet it worked fine. Infrastructure replaced the nic and the problem went away. So somehow it was based on that MAC. They refused to admit it might be a switch issue for quite awhile since they don't block at that level. Another computer showed up with the problem and after some packet traces from the server and work station simultaniously, I proved to them that the switch was dropping the packets on the floor! So maybe since I one that last fight they were less enthusiastic about fighting me. :) Credability from past issues helps as well I guess. :O I had tried to call them back about tracerouting to see what kind of weird things we might see. By the time I finally got to them, they were already changing ports.
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
