Solved

3Com Hub Problem

Posted on 2001-09-18
3
321 Views
Last Modified: 2010-04-17
Our company maintains over 1000 managed 3Com 3C16406 24-port 10BaseT shared hubs and have for a few years now.  They have worked very well for us but since last Friday (09/14/2001), random hubs on different subnets in different buildings more than likely under different traffic loads have stopped answering pings.  The users on the hubs seem to be working fine but the IP management on the hubs won't answer to pings.  Power cycling the hubs fixes the problem.  Telnet and web access is disabled on all of the hubs.  Only SNMP and console access is enabled.  Have there been attacks that other network engineers have noticed in the last 5 days or so that are similar to what we are seeing??
0
Comment
Question by:dekkyb
  • 2
3 Comments
 
LVL 1

Accepted Solution

by:
contrazoom earned 300 total points
ID: 6493804
Hmm, I think you have been infected by the code red worm. Disable port 80 and see if 3Com has a bug fix available.
Kind Rgds
Contrazoom
0
 

Author Comment

by:dekkyb
ID: 6505758
From looking at sniffer traces, it appears that our hubs are being hit through port 80 by machines infected with a couple different viruses.  The problem is that even though we have port 80 disabled on the hubs and even though port 80 won't accept access to the hub management, the port still acknowledges that it was probed.  Therefore, when it gets hammered from an infected machine, it blocks the entry but replies with an acknowledgement which still takes away bandwidth from the hub until the hub management finally gets confused to the point of no return.  Is there a way to truly cause port 80 on the hubs to turn a deaf ear to port 80 probes and hence not even reply with an acknowledgement? That would probably fix our problem.
0
 

Author Comment

by:dekkyb
ID: 6512182
I believe we are also being hit by the Nimda virus but...
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Wifi(LAN) GW being picked up 2 45
PORT NUMBER FOR FIOS ROUTER 5 50
recover cisco router password 5 49
Vlan to Vlan communication 9 81
New Server 172.16.200.2  was moved from behind Router R2 f0/1 to behind router R1 int f/01 and has now address 172.16.100.2. But we want users still to be able to connected to it by old IP. How to do it ? We can used destination NAT (DNAT).  In DNAT…
The Cisco RV042 router is a popular small network interfacing device that is often used as an internet gateway. Network administrators need to get at the management interface to make settings, change passwords, etc. This access is generally done usi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now