Kerberos also listens on port 88 on Win2k systems.

Steven L. Schullo, CISSP, MCSE, CCNA
BORN Dallas Infrastructure
mailto:[EMAIL PROTECTED]

-----Original Message-----
From: Peter Kristolaitis [mailto:[EMAIL PROTECTED]]
Sent: Sunday, July 07, 2002 5:27 PM
To: hantu; [EMAIL PROTECTED]
Subject: Re: Protocol 88

At 03:27 PM 7/5/02, hantu wrote:
>List,
>
> Recently, on both the ZoneAlarm personal firewalls installed on all
> Windows-based machines and also on the NIDS, a lot of "protocol 88"
> traffic has been recorded.

Protocol 88 seems to be a Cisco-specific protocol:

[root@hermes /]# grep 88 /etc/protocols
eigrp 88 EIGRP # Enhanced Interior Routing Protocol (Cisco)
[root@hermes /]#

So I guess the most obvious question first: Do you have any Cisco gear (particularly routers) on your network? Any equipment that was installed prior to all these alerts would be the first thing I'd check; next, I'd check ALL routers (and other 'border' equipment) for signs of a compromise or misconfiguration.

I've seen cases where equipment (not Cisco in particular) started literally flooding the network -- most of the network was accessible... but VERY, VERY slow (a 100baseT section was reduced to a few kilobytes/sec of available bandwidth). It turned out to be a configuration problem with a switch or something (I forget exactly what caused it now). May be something similar in your case...

Just a thought.

- Peter Kristolaitis
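
Added example, not part of the original messages: the thread mentions both IP protocol 88 (the /etc/protocols entry) and port 88 (Kerberos), which live in different header fields. The sketch below reads the IPv4 Protocol field and, for TCP/UDP, the port numbers to tell the two apart; the function names, addresses and sample packets are constructed for illustration.

```python
import struct

IPPROTO_TCP, IPPROTO_UDP, IPPROTO_EIGRP = 6, 17, 88
KERBEROS_PORT = 88

def classify(packet: bytes) -> str:
    """Say whether a raw IPv4 packet is IP protocol 88 or TCP/UDP port 88."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (packet[0] & 0x0F) * 4           # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return "malformed"
    proto = packet[9]                      # IPv4 Protocol field (byte offset 9)
    if proto == IPPROTO_EIGRP:
        return "ip-protocol-88 (EIGRP)"    # no ports exist at this layer
    if proto in (IPPROTO_TCP, IPPROTO_UDP):
        if len(packet) < ihl + 4:
            return "malformed"
        # TCP and UDP both start with source port, destination port
        sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
        if KERBEROS_PORT in (sport, dport):
            name = "tcp" if proto == IPPROTO_TCP else "udp"
            return f"{name}-port-88 (Kerberos)"
    return "other"

def ipv4(proto: int, payload: bytes) -> bytes:
    """Build a minimal constructed IPv4 header (checksum left at 0) plus payload."""
    total = 20 + len(payload)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, proto, 0,
                      bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return hdr + payload

# Constructed sample packets (documentation addresses, placeholder payloads)
SAMPLES = {
    "eigrp": ipv4(IPPROTO_EIGRP, b"\x00" * 20),
    "krb_udp": ipv4(IPPROTO_UDP, struct.pack("!HHHH", 40000, 88, 8, 0)),
    "krb_tcp": ipv4(IPPROTO_TCP, struct.pack("!HH", 88, 40001) + b"\x00" * 16),
    "dns_udp": ipv4(IPPROTO_UDP, struct.pack("!HHHH", 40000, 53, 8, 0)),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:8s} -> {classify(pkt)}")
```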