
[cobalt-security] Re: Qube 3 and the Latest Wave of Viruses



On Thursday, Oct 2, 2003, at 22:19 US/Eastern, Chuck Lewis wrote:

> What surprised both of us is the Qube 3 had to be getting hammered like
> this too but "took a lickin' and kept on tickin'" so to speak. What was
> the Qube 3 doing to ignore/absorb this traffic that is overwhelming the
> memory in this Cisco 1605R?

Yeah... there's a lot of nasty out there. I've been seeing some of it in my logcheck reports - lots of attempts on 135 from pop-up spammers and virally infected machines, and lately a lot of attempts on 1434 from people trying to exploit MS-SQL. (Good luck... :-) My gut tells me I need to tell PortSentry to bind to those ports, then open them in the firewall and let PortSentry drop the probers in a network black hole, but I haven't taken the time yet.

What's given our Qube3 headaches has been the spam... DNSBL checks are rejecting north of 2000 connections per day, then over that there's spamd/spamc running. On two distinct occasions last weekend (with nobody in the office to use things like samba, or put a lot of web traffic through the network), the poor thing had a high enough load average that sendmail cut out to let things cool off.

If I need to buy new hardware just to handle some of the jobs Bluebird does, so it can cope with email... well, that would be a price tag on spam, right there.

pjm
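The "let PortSentry drop the probers in a network black hole" idea from pjm's reply, worked through as an added example that is not from the original post, from Cobalt, or from PortSentry itself: a small Python script that tallies hits on 135 and 1434 from firewall log lines and lists the repeat offenders to null-route. The sample log lines are constructed in netfilter LOG style (the post does not show its logcheck output, and the Qube 3's own firewall may log differently), the threshold of two hits is a design choice, and the `route add -host ... reject` command is an assumption standing in for whatever the box actually uses.

```python
import re
from collections import Counter

# Ports the post calls out: 135 (pop-up spam and worm traffic) and
# 1434 (probes for the MS-SQL resolution service).
PROBE_PORTS = {135, 1434}

# Constructed sample, netfilter LOG style. An assumption for this example:
# the original post does not show its logcheck output.
SAMPLE_LOG = """\
Oct  3 01:02:11 bluebird kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=3241 DPT=135 SYN
Oct  3 01:02:12 bluebird kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=3242 DPT=135 SYN
Oct  3 01:02:13 bluebird kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=3243 DPT=135 SYN
Oct  3 01:05:40 bluebird kernel: IN=eth0 OUT= SRC=198.51.100.77 DST=192.0.2.10 PROTO=UDP SPT=1127 DPT=1434
Oct  3 01:05:41 bluebird kernel: IN=eth0 OUT= SRC=198.51.100.77 DST=192.0.2.10 PROTO=UDP SPT=1127 DPT=1434
Oct  3 01:07:02 bluebird kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP SPT=4410 DPT=25 SYN
Oct  3 01:08:15 bluebird kernel: IN=eth0 OUT= SRC=192.0.2.200 DST=192.0.2.10 PROTO=TCP SPT=2020 DPT=135 SYN
"""

_FIELDS = re.compile(r"SRC=(?P<src>[\d.]+)\s.*?PROTO=(?P<proto>\w+)\s.*?DPT=(?P<dpt>\d+)")


def parse_probe(line):
    """Return (src, proto, dport) for a firewall log line, or None for
    anything that is not a firewall line (sshd, sendmail, ...)."""
    m = _FIELDS.search(line)
    if not m:
        return None
    return m.group("src"), m.group("proto"), int(m.group("dpt"))


def tally_probes(log_text, ports=PROBE_PORTS):
    """Count hits per (src, dport), restricted to the watched ports."""
    hits = Counter()
    for line in log_text.splitlines():
        parsed = parse_probe(line)
        if parsed is None:
            continue
        src, _proto, dport = parsed
        if dport in ports:
            hits[(src, dport)] += 1
    return hits


def blackhole_candidates(log_text, ports=PROBE_PORTS, threshold=2):
    """Sources that hit a watched port at least `threshold` times.

    A threshold above one keeps a single stray SYN (or a spoofed UDP
    packet) from getting a host null-routed; worm retries and scanner
    sweeps cross it almost immediately.
    """
    per_src = Counter()
    for (src, _dport), n in tally_probes(log_text, ports).items():
        per_src[src] += n
    return sorted(src for src, n in per_src.items() if n >= threshold)


def blackhole_commands(sources):
    """Host-route reject commands, the same idea PortSentry's KILL_ROUTE
    applies: replies to the prober are sent to a dead route. The exact
    command is an assumption for this example (net-tools `route`)."""
    return [f"/sbin/route add -host {src} reject" for src in sources]


if __name__ == "__main__":
    for (src, dport), n in sorted(tally_probes(SAMPLE_LOG).items()):
        print(f"{src:>16}  port {dport:<5}  {n} hit(s)")
    for cmd in blackhole_commands(blackhole_candidates(SAMPLE_LOG)):
        print(cmd)
```

Two caveats before wiring something like this to a cron job: the 1434 traffic is UDP, so the SRC address can be forged and an attacker could get you to null-route an address you care about, which is why the threshold and an allow-list of your own networks matter; and a reject route is only half the job, since the port itself still has to be closed or handed to PortSentry so the probe never reaches a real listener.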