The UK Home Automation Archive

Archive Home

Group Home

Search Archive
Advanced Search

The UKHA-ARCHIVE IS CEASING OPERATIONS 31 DEC 2024

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [OT] ARP Flooding

To: ukha_d@xxxxxxx
Subject: Re: [OT] ARP Flooding
From: Ian Oliver <ioliver.lists@xxxxxxx>
Date: Fri, 26 Sep 2003 09:51:25 +0100
Mailing-list: list ukha_d@xxxxxxx; contact ukha_d-owner@xxxxxxx
Reply-to: ukha_d@xxxxxxx

In article <000301c38409$6a0c50f0$1301fea9@xxxxxxx>, Julian
Stuhler wrote:
> To try and figure out what was going on, I downloaded a trial version
of
> Aligent Advisor LAN so that I could see what all the mysterious
activity
> was for. It turns out that my Win2K server is issuing thousands and
> thousands of ARP requests, starting at a value (e.g. 192.170.193.0)
and
> incrementing the target address by 1 each time. Usually, the target
> addresses are outside of my local subnet (192.168).

Sounds like the MSBlast or Welchia worm. You need to patch first and then
disinfect. You can manually disable the worm by removing the relevant
files and registry keys but you'll catch it again very quickly if you
haven't patched.

Ian Oliver
Sunny Leeds, UK
Using Java on Tini for control via Dallas 1-wire

Prev by Date: Re: [OT?]
Next by Date: RE: Re: [OT?]
Previous by thread: [OT] ARP Flooding
Next by thread: RE: [OT] ARP Flooding
Index(es):
- Date
- Thread

Home | Main Index | Thread Index

Comments to the Webmaster are always welcomed, please use this contact form . Note that as this site is a mailing list archive, the Webmaster has no control over the contents of the messages. Comments about message content should be directed to the relevant mailing list.