Re: looking for Slammer infectee access link speeds

2004-05-02 Thread Deepak Jain

With colleagues I'm working on Internet-scale modeling of Slammer's behavior.
Its spreading dynamics significantly differed from those of most worms,
an effect we're pretty sure is related to the fact that unlike most worms,
an infected host's scanning often clogged the host's access link.

I think a more interesting aspect of this particular worm is that it 
only takes a single packet to infect a vulnerable host. As far as I know 
no other worm can do this. The effect is that even packets to broadcast 
or multicast addresses have the potential to infect.

I think this is really the most important point. Link speeds and such 
are not as significant, maximum packet rates probably are. The 
compromised servers didn't need to wait for confirmation of the packets 
they spit out, and since a high percentage of the packets between 
normal levels of traffic and pipe speed [until pipe speed was 
reached] you get a very high infection rate in moments.

Every other virus had to do a lot more talking, was a lot more 
dependent on reciprocal communication.

It might be interesting to model how many pps infected machines would 
have to spit out to infect 100% of the Internet in a certain amount of time.

Deepak Jain
AiNET
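
The modeling question raised in the message above, worked as an added example that is not part of the original thread: a closed-form random-scanning (SI) epidemic model relating per-host packet rate to the time defenders have before most vulnerable hosts are infected. It assumes uniform random IPv4 scanning and one scan rate for every host; all parameter values are constructed and the function names are hypothetical.

```python
import math

ADDR_SPACE = 2 ** 32  # IPv4 addresses a uniform random scanner draws from


def scan_rate_pps(link_bps, packet_bytes, host_max_pps):
    """Per-host scan rate: capped by the access link or by the host's packet rate."""
    return min(link_bps / (packet_bytes * 8), host_max_pps)


def time_to_fraction(vulnerable, pps, fraction, initial=1):
    """Seconds until `fraction` of the vulnerable hosts are infected.

    Logistic SI model: di/dt = beta * i * (1 - i), beta = pps * vulnerable / 2^32.
    """
    if not 0 < fraction < 1:
        raise ValueError("fraction must be in (0, 1); the model only approaches 100%")
    beta = pps * vulnerable / ADDR_SPACE
    i0 = initial / vulnerable
    return math.log(fraction * (1 - i0) / (i0 * (1 - fraction))) / beta


def pps_for_deadline(vulnerable, fraction, seconds, initial=1):
    """Per-host packet rate needed to reach `fraction` within `seconds`."""
    # Time is inversely proportional to pps, so scale from a 1 pps baseline.
    return time_to_fraction(vulnerable, 1.0, fraction, initial) / seconds


if __name__ == "__main__":
    N = 100_000          # constructed vulnerable population
    PKT = 400            # constructed on-wire packet size in bytes
    for label, bps in [("T1 1.5 Mb/s", 1.5e6), ("10 Mb/s", 10e6), ("100 Mb/s", 100e6)]:
        pps = scan_rate_pps(bps, PKT, host_max_pps=25_000)  # constructed host cap
        t = time_to_fraction(N, pps, 0.99)
        print(f"{label:>12}: {pps:8.0f} pps/host -> 99% infected in {t / 60:6.1f} min")
    print(f"99% in 10 min needs {pps_for_deadline(N, 0.99, 600):.0f} pps/host")
```

In this model the time to saturation scales as 1/pps, so the response window shrinks in direct proportion to whichever limit (link or host packet rate) sets the scan rate.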


Re: looking for Slammer infectee access link speeds

2004-05-02 Thread vern

[resending from my NANOG-posting address, sigh]

 I think a more interesting aspect of this particular worm is that it 
 only takes a single packet to infect a vulnerable host. As far as I 
 know no other worm can do this.

That was true prior to the March Witty worm.

 The effect is that even packets to 
 broadcast or multicast addresses have the potential to infect.

It depends on the specifics of the server being exploited.  (In Witty's
case, it was passive infection!)

 I can tell you some stuff about AS12854.

Thanks! I'll send you the list off-list.

Vern


Worms versus Bots

2004-05-02 Thread Sean Donelan

The antivirus vendors are bemoaning the fact the Sasser worm has been
slow to spread.  On the other hand, most of the vulnerable computers
seem to have already been taken over by one or more Bots days or weeks
before the worms arrived.

Other than the obvious, don't let a bot get on your computer in
the first place, are there any opinions about the best anti-bot tools
for naive computer users?  The major virus vendors seem to be having
a bit of trouble dealing with bots, frequently recommending manual
editing of files and use of regedit.  There is also a much longer
delay between the appearance of a new bot and updates to antivirus
packages.




Re: Mexico City Internet Bandwidth suggestions

2004-05-02 Thread Brian Moore

Paul,

 If we were to take a rough poll,
 which one of the two, Alestra or Avantel, would get the prize for
 highest uptime/availability?

Sorry for the delay.  I installed the network as a consultant 3 or so years ago.
My client's Operations staff have been extremely competent in handling it
since then, so I haven't had to be involved since then.  I've asked them for
their input, and this is their response ...

Alestra has better uptime and is better for national (Mexico) routes.
Avantel has better international (especially USA) routes.

Hope that helps,

Brian