Re: TCP session disconnection caused by Code Red?

From: Blaz Zupan (no email)
Date: Tue Aug 07 2001 - 00:40:02 EDT


> > It's not the packets per second that seems to kill them, its
> > the amount of arp cache and sessions (figure 600 packets per second,
> > each packet to a different host...Thats a lot of sessions in 5 minutes)
>
> Curious, in that case consider null routing unused blocks, perhaps take
> the opportunity to improve on subnet and vlan distribution to help the
> null routing.

That's exactly the case. All the unused IP addresses are nullrouted and most
of the traffic was destined for the nullrouted addresses. I don't think a lot
of arp activity was going on.

Blaz Zupan, Medinet d.o.o, Trzaska 85, SI-2000 Maribor, Slovenia
E-mail: , Tel: +386-2-320-6320, Fax: +386-2-320-6325








Hosted Email Solutions

Invaluement Anti-Spam DNSBLs



Powered By FreeBSD   Powered By FreeBSD