PROTECTED] On Behalf Of
Rodney Dunn
Sent: Wednesday, September 06, 2006 8:45 PM
To: Christopher L. Morrow
Cc: Rodney Dunn; Mike Walter; Hank Nussbacher; Justin M. Streiner;
nanog@merit.edu
Subject: Re: Router / Protocol Problem
Then that proves it's not a local router problem then. :)
On Wed, Sep 06
@merit.edu
Subject: Re: Router / Protocol Problem
Then that proves it's not a local router problem then. :)
On Wed, Sep 06, 2006 at 07:49:26PM +, Christopher L. Morrow wrote:
On Wed, 6 Sep 2006, Rodney Dunn wrote:
Get a sniffer trace. Packets on the wire prove what's going on.
provided
Apparently some how this connection is being
matched via NBAR for good old Code Red.
Best moved to cisco-nsp.
What!?
Network operator discovers that measures taken to mitigate
an old network security measure, long past their sell-by
date, are now causing random grief. Seems to me like
bang
On Thu, 7 Sep 2006 07:27:16 -0400
Mike Walter [EMAIL PROTECTED] wrote:
Sep 7 06:50:20.697 EST: %SEC-6-IPACCESSLOGP: list 166 denied tcp
69.50.222.8(25) - 69.4.74.14(2421), 4 packets
[...]
I'm not very familiar with NBAR or how to use it for CodeRed, but this
first rule:
access-list 166 deny
[EMAIL PROTECTED] writes:
Network operator discovers that measures taken to mitigate
an old network security measure, long past their sell-by
date, are now causing random grief. Seems to me like
bang on topic for NANOG.
Agreed. Rare that people do haircuts on router configs; they're
Hi John,
John Kristoff wrote:
On Thu, 7 Sep 2006 07:27:16 -0400
Mike Walter [EMAIL PROTECTED] wrote:
Sep 7 06:50:20.697 EST: %SEC-6-IPACCESSLOGP: list 166 denied tcp
69.50.222.8(25) - 69.4.74.14(2421), 4 packets
[...]
I'm not very familiar with NBAR or how to use it for CodeRed, but this
: Wednesday, September 06, 2006 8:45 PM
To: Christopher L. Morrow
Cc: Rodney Dunn; Mike Walter; Hank Nussbacher; Justin M. Streiner;
nanog@merit.edu
Subject: Re: Router / Protocol Problem
Then that proves it's not a local router problem then. :)
On Wed, Sep 06, 2006 at 07:49:26PM +, Christopher L
On Sep 6, 2006, at 9:04 AM, Mike Walter wrote:
Recently with no changes to my network, I have been having problems
connecting to certain websites and mail servers. I am always able
to ping the sites and trace route without error. If I telnet to
port 80 or port 25 it does not connect.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Seems dubious. So I'm not not sure what sets the codepoint to 01
by default, but apparently CodeRed does? Nevertheless, this seems like
a very weak basis for determining whether something is malicious.
There is an elegant solution;
On 06/09/06, Mike Walter [EMAIL PROTECTED] wrote:
I normally would not post to the group, but I am 100% stumped and have talked with peers with no luck.
I have (2) Cisco 7204 Routers running
BGP with 3 peers and HSRP. I am not doing anything special with
BGP, pretty much a default
On Wed, 6 Sep 2006, Mike Walter wrote:
I normally would not post to the group, but I am 100% stumped and have
talked with peers with no luck.
I have (2) Cisco 7204 Routers running BGP with 3 peers and HSRP. I am
not doing anything special with BGP, pretty much a default config that
has not
One more thing, I can successfully do a tcptraceroute if
that matters.
Mike Walter
From: tony sarendal
[mailto:[EMAIL PROTECTED] Sent: Wednesday, September 06, 2006
9:32 AMTo: Mike WalterCc:
nanog@merit.eduSubject: Re: Router / Protocol
Problem
On 06/09/06, Mike
Walter [EMAIL PROTECTED
Does your peer or you have any ACLs on the PtP link which may be
dropping the packets? If your peer is doing uRPF and doesn't have
your route properly installed it can cause problems on their edge.
Are the sites you cannot reach akamaized? I've had issues with some
akamaized sites when
Solution think 3z.net
Voice (859) 331-9004
Fax (859) 578-3522
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Justin M. Streiner
Sent: Wednesday, September 06, 2006 9:42 AM
To: nanog@merit.edu
Subject: Re: Router / Protocol Problem
On Wed, 6 Sep 2006
On Wed, 6 Sep 2006, Mike Walter wrote:
Thanks for everyone's great input. Here are answers to Justin's
questions.
#1 - 12.3.6a - 7204VXR (NPE400) 512MB - 200+ MB free
#2 - 12.2.15T5 - cisco 7204VXR (NPE225) - 256MB (I have a NPE400 - 512MB
I want to swap in) - 23MB Free (Issue?)
Full Routes
On Wed, 6 Sep 2006, Mike Walter wrote:
Thanks for everyone's great input. Here are answers to Justin's
questions.
#1 - 12.3.6a - 7204VXR (NPE400) 512MB - 200+ MB free
#2 - 12.2.15T5 - cisco 7204VXR (NPE225) - 256MB (I have a NPE400 - 512MB
I want to swap in) - 23MB Free (Issue?)
Full
if that would change anything as well.
Mike
-Original Message-
From: Hank Nussbacher [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 06, 2006 12:07 PM
To: Mike Walter
Cc: Justin M. Streiner; nanog@merit.edu
Subject: RE: Router / Protocol Problem
On Wed, 6 Sep 2006, Mike Walter wrote
[mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 06, 2006 12:07 PM
To: Mike Walter
Cc: Justin M. Streiner; nanog@merit.edu
Subject: RE: Router / Protocol Problem
On Wed, 6 Sep 2006, Mike Walter wrote:
Thanks for everyone's great input. Here are answers to Justin's
questions
On Wed, 6 Sep 2006, Rodney Dunn wrote:
Get a sniffer trace. Packets on the wire prove what's going on.
provided the packets get back to him, it seems his problem is traffic
getting back to him :( so probably no packets will be on the wire (none in
question atleast)...
Then that proves it's not a local router problem then. :)
On Wed, Sep 06, 2006 at 07:49:26PM +, Christopher L. Morrow wrote:
On Wed, 6 Sep 2006, Rodney Dunn wrote:
Get a sniffer trace. Packets on the wire prove what's going on.
provided the packets get back to him, it seems his
20 matches
Mail list logo
