On Mon, 28 Feb 2000, Anton Ivanov wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>
> I read the rest of the thread and I noticed various quotations starting with
> 13.xx which I do not see in the dump you attached.
>
> Err... where is everyone reading the tcpdump from? What you sent in the
> beginning finishes at 14.24? And I do not see scanning there. In it there are
> few thing still:
>
> Broken network. See below:
>
> 14:22:28.349230 chaos.analogic.com.who > 204.178.47.255.who: udp 84
>
> The response is broken network/OS:
>
> 1. 10.x.x.x es return broadcasts sent to 204.178.47.255. These are on a
> different network. Unless I am wrong you are not supposed to return anything to
> a broadcast that does not match any of your interfaces broadcast IP addresses.
>
> 2. If NT goes bananas on rwhod it is indeed interesting because it is 100% unix
> specific.
>
> Richard, can you remove rwhod from startup and see if any of the NTs still
> suffer sudden urges to lose sanity?
>
Okay. I got rid of rwhod. It sends a query to broadcast which results in
a storm from the 10.x.x.x M$Garbage machines. It apprears that this
storm is the culprit.
I have restarted the network a few thousand times with a shell-script
doing :
ifconfig eth0 down
kill -TERM -1
sh /etc/rd.d/rc.inet1
sh /etc/rc.d/rc.inet2
... and the M$Garbage machines that were having trouble didn't
croak.
Cheers,
Dick Johnson
Penguin : Linux version 2.3.41 on an i686 machine (800.63 BogoMips).
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Tue Feb 29 2000 - 21:00:19 EST