This archive contains answers to questions sent to Unidata support through mid-2025. Note that the archive is no longer being updated. We provide the archive for reference; many of the answers presented here remain technically correct, even if somewhat outdated. For the most up-to-date information on the use of NSF Unidata software and data services, please consult the Software Documentation first.
Patrick, >Date: Mon, 29 Mar 2004 09:45:08 -0700 >From: Unidata Support <address@hidden> >Organization: University of Northern Illinois >To: address@hidden >Subject: 20040329: IDD/LDM - RPC Question The above message contained the following: > I was contacted by our university network admin this morning about about a > problem over the weekend between my upstream feed and my machine that > triggered an intrusion detection on his end. It seems that the upstream > feed was sending "incomplete RPC segments" and "multiple RPC records" WAY > above normal. For example, on Friday, about 15,000 were detected, but over > the weekend, 2.8 million and 2.45 million were detected, triggering a report > to him. I see no problems in my machine's logs, in latencies over the > weekend, or in the data itself. I also am not a networking expert, and was > wondering if anyone could help explain what feature of the LDM/IDD could > cause this, so I can put his mind at ease, for this case and in the event of > future problems. I have pretty much convinced him that it isn't malicious > communication, but want to provide a bit more info to him. Thanks! It could be that the connection was broken for some reason and when re-established later, the downstream LDM requested all the data that it missed. This would appear as a continuous slew of RPC messages until the downstream LDM caught up. If the RPC messages were to a downstream LDM, then no harm can come to the system. Regards, Steve Emmerson LDM Developer