[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] Qube 3 and the Latest Wave of Viruses

Subject: Re: [cobalt-security] Qube 3 and the Latest Wave of Viruses
From: Larry Smith <lesmith@xxxxxxxxx>
Date: Thu, 2 Oct 2003 21:57:35 -0500
Organization: ECSIS
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

On Thursday 02 October 2003 21:19, Chuck Lewis wrote:
> What surprised both of us is the Qube 3 had to be getting hammered like
> this too but "took a lickin' and kept on tickin' " so to speak. What was
> the Qube 3 doing to ignore/absorb this traffic that is overwhelming the
> memory in this Cisco 1605R ?
>
> So this sound plausible to you folks that understand this stuff  -
> better than me :-) ?

Blaster, Sobig, Welchia, and such "probe" for machines on port 135 - the Qube 
would not natively be listening to that port and would not care (dump it all) 
so yes, that makes sense.  The router is designed to "process" traffic, 
therefore when it started coming its way, it spends a "lot" of time trying to 
firgure out what to do with all the packets that the Qube just discarded 
(routers do not discard packets except by specific configuration - their 
purpose in life is to hand off packets so that is what it is trying to do...)
(layman's/lay-persons explanation)...

-- 
Larry Smith
SysAd ECSIS.NET
sysad@xxxxxxxxx

Follow-Ups:
- RE: [cobalt-security] Qube 3 and the Latest Wave of Viruses
  - From: Chuck Lewis

References:
- [cobalt-security] Qube 3 and the Latest Wave of Viruses
  - From: Chuck Lewis

Prev by Date: [cobalt-security] Qube 3 and the Latest Wave of Viruses
Next by Date: Re: [cobalt-security] Qube 3 and the Latest Wave of Viruses
Previous by thread: [cobalt-security] Qube 3 and the Latest Wave of Viruses
Next by thread: RE: [cobalt-security] Qube 3 and the Latest Wave of Viruses

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index