Nachi

  • From: Phill Hardstaff <phillh@xxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 20 Nov 2003 08:16:11 +1100

Can anyone tell me why the Nachi worm brings my ISA firewall to its knees?
I have ICMP disabled outgoing but as soon as I get a machine behind the
firewall with Nachi on it the firewall service goes to 100%, the server
looks like it's dead but it's not, disconnect the internal NIC and it comes
back to life straight away, even if I disable my DNS server (behind the
firewall) it still stays at 100%, so it's not ICMP and it's not DNS, so what
is it and more importantly how come ISA chokes on it so easily?

I could understand ISA choking on 100 Nachi boxes on a 100Mb internal link
but yesterday I had 2 infected machines behind the firewall connected over a
128Kb link taking the firewall service to 100%?? I have even turned off
logging and anything else that might use up CPU, still the same happens. I
am seriously considering changing firewalls.

Cheers

Phill

Phill Hardstaff
MCSA, CCNA, A+, Network+, Inet+, Server+, CIW Assoc.
Senior Support Engineer
Secretariat of the Pacific Community
B.P. D5
Noumea Cedex - 98848
New Caledonia

Phone +687-260141
Mobile +687 838091
Fax +687-263818
Email phillh@xxxxxxx
SPC Web Page http://www.spc.int/
Personal Web Page http://www.hardstaff.com/
Personal Email Phill@xxxxxxxxxxxxx
Personal Fax +1 (603) 299-5640
