A server at one of our campuses (a college, campuses all over the state) got infected around 0900 UT and started hammering the hell out of our WAN and their local LAN, sending 10.4MB/sec through the router and then 1.2MB/sec out our internet line (bytes not bits). It stopped about an hour later. Turns out it flooded the router so hard it looks like that router has shut down. I can't ping a darn thing inside that campus now.... Fitting justice.
That router must be fairly undersized... No point in having a router that can't sustain max-traffic on the network it's put on...
What if your campus gets slashdotted? Kinda boring if the router shuts down because of legit traffic ;-)
My guess is that some MSCP caught panic when he saw the load on the mssql-server and pulled the plug...
It's happened to me... (and he wasn't even MSCP just vanilla dumb...)
I don't think so, those MS certifiable guys don't have access to the routers at my college, so they couldn't do that. I haven't been able to get hold of the personnel in charge of the routers (it IS the weekend and they don't pay people to be on standby here). One theory is that our upstream provider noticed the problem and did something. Packets going in from outside hit a routing loop at that point. The gated on my internal hosts at another location have turned off all routes to that other campus, indicating they got that route delete info from our campus's router, which chatters to the others.
At this point, I dunno, just glad it's nuked off the net for now. It was saturating our 10 megabit line to our provider for a while there...
I pity the poor saps who have hosts at colo facilities that charge for bandwidth. It's fitting if an unpatched victim pays extra, not the innocent victims who get to deal with all the useless traffic from this...
Looks like this post to bugtraq explains why that router at my college died from this:
"Tier 1 backbones are reporting a bad night: routing
instabilities, one major dropped most of its peering
for a while, the volume from this triggers the Cisco
netflow switching bug and is causing routers to lock
up at places, etc."