> http://noc.ilan.net.il/stats/ILAN-CPU/new-gp-cpu.html > Was it not
> known that under certain conditions the router would flatline? What
> percautionary measures were put into place in such an event to limit
> the damage?
scheduler allocate
-hc
On Tue, Jan 28, 2003 at 03:34:15PM +, [EMAIL PROTECTED] wrote:
> Some BGP-speaking routers (not all, by any means, but some subpopulation)
> found themselves pegged at 100% CPU on Saturday. Just one example:
>
>http://noc.ilan.net.il/stats/ILAN-CPU/new-gp-cpu.html
I wonder how
At 09:47 AM 28-01-03 -0600, Jack Bates wrote:
From: <[EMAIL PROTECTED]>
> On the other hand, we also know (from private communications and from
> other mailing lists.. ahem) that high rate and high src/dst diversity
> of scans causes some network devices to fail (devices that cache flows, or
>
From: <[EMAIL PROTECTED]>
> On the other hand, we also know (from private communications and from
> other mailing lists.. ahem) that high rate and high src/dst diversity
> of scans causes some network devices to fail (devices that cache flows, or
> devices that suffer from cpu overload under suc
> > So far it's been visible as an apparently accidental byproduct of an
> attack
> > with other goals. Are you willing to bet your bifocals that the same
> > mechanism can't be weaponized and used against the routing infrastructure
> > directly in the future?
> >
>
> Yet the question becomes th
From:
>
> So far it's been visible as an apparently accidental byproduct of an
attack
> with other goals. Are you willing to bet your bifocals that the same
> mechanism can't be weaponized and used against the routing infrastructure
> directly in the future?
>
Yet the question becomes the reaso
> > Wow, for a minute I thought I was looking at one of our old
> > plots, except for the fact that the x-axis says January 2003
> > and not September 2001 :) :)
>
> seeing that the etiology and effects of the two events were quite
> different, perhaps eyeglasses which make them look the same ar
at Monday, January 27, 2003 7:50 PM, [EMAIL PROTECTED] <[EMAIL PROTECTED]>
was seen to say:
> This is not correct. VPN simply extends security policy to a different
> location. A VPN user must make sure that local security policy
> prevents other traffic from entering VPN connection.
This is nice
On Sat, 25 Jan 2003, Bill Woodcock wrote:
>
> On Sat, 25 Jan 2003, Mikael Abrahamsson wrote:
> > > Lots of traffic on udp port 1434 coming in here via TW Telecom and Sprint
> > > Looks like we may have a winner for DDoS of the year (so far)
> > What kind of traffic levels are
On Mon, Jan 27, 2003 at 06:15:33PM -0800, Randy Bush mooed:
>
> > Wow, for a minute I thought I was looking at one of our old
> > plots, except for the fact that the x-axis says January 2003
> > and not September 2001 :) :)
>
> seeing that the etiology and effects of the two events were quite
>
> Wow, for a minute I thought I was looking at one of our old
> plots, except for the fact that the x-axis says January 2003
> and not September 2001 :) :)
seeing that the etiology and effects of the two events were quite
different, perhaps eyeglasses which make them look the same are
not as usef
> > here's a plot showing the impact on BGP routing tables from seven ISPs
> > (plotted using route-views data):
> > http://www.research.att.com/~griffin/bgp_monitor/sql_worm.html
>
> And as an interesting counterpoint to this, this graph shows
> the number of BGP routing updates received at
> > Deny everything.
> > Allow outbound port 80
> Bzzt! You just let in an ActiveX exploit. Or Javascript. Or
And I have successfully blocked everything other than AcriveX or JavaScript
or whatever else.
> > Allow mail server to 25
>
> Bzzt! You just let in a new Outlook exploit.
It is ta
On Sun, Jan 26, 2003 at 12:17:20AM -0500, Tim Griffin mooed:
>
>
> hc wrote:
> > I am on Verizon-GNI via Qwest and Genuity and seeing the same problem as
> > well.
>
> here's a plot showing the impact on BGP routing tables from seven ISPs
> (plotted using route-views data):
> http://www.resea
Simon Lockhart <[EMAIL PROTECTED]> wrote:
>
> On Mon Jan 27, 2003 at 04:16:00PM -0500, [EMAIL PROTECTED] wrote:
> > Again, but why does it talk to the outside world unsupervised? Your
> > organization clearly has a border that separates its internal systems
from
> > external ones. Why not apply
On Mon, 27 Jan 2003 16:00:51 EST, [EMAIL PROTECTED] said:
> It is very easy.
>
> Deny everything.
> Allow outbound port 80
Bzzt! You just let in an ActiveX exploit. Or Javascript. Or
> Allow mail server to 25
Bzzt! You just let in a new Outlook exploit.
> If you need AIM, allow AIM from w
> But, we were talking about end-user connected into the inside network using
> a VPN. That user needs to have pretty much unfettered access to the
> business parts of your internal network. (Okay, mission critical stuff
> should be seperately firewalled, but MS makes that hard enough, due to
> th
On Mon Jan 27, 2003 at 04:16:00PM -0500, [EMAIL PROTECTED] wrote:
> Again, but why does it talk to the outside world unsupervised? Your
> organization clearly has a border that separates its internal systems from
> external ones. Why not apply those restrictions on *those* borders?
From inside t
> That's fine for a non-MS view of the world (admittedly, a view I prefer),
> but then you've got to allow TCP 138/139 to all the MS servers in your
> organisation (why couldn't they seperate auth from file sharing from...).
> And then whatever protocols Outlook uses to talk to your
> Exchange se
On Mon Jan 27, 2003 at 04:00:51PM -0500, [EMAIL PROTECTED] wrote:
> It is very easy.
>
> Deny everything.
> Allow outbound port 80
> Allow mail server to 25
> Allow ident
> If you need netmeeting, allow netmeeting server to other servers.
> If you need AIM, allow AIM from workstations to oscar.a
> > > Given that the head of one of our three-letter-agencies managed to get
> > > this sort of thing wrong, what makes you think that Joe Middle-Manager
> > > who's more concerned about fixing a spreadsheet will get it correct?
> >
> > Because it is not that difficult. A security policy of a li
On Mon, Jan 27, 2003 at 08:10:15PM +, Simon Lockhart wrote:
>
> As I suspected, but I keep being told that these problems were in old style
> VPN clients, and stuff is much better these days. I remain unconvinced.
A good VPN client (I'm familiar with Nortel) will enforce no *simultaneous*
ac
On Mon, 27 Jan 2003 15:33:34 EST, [EMAIL PROTECTED] said:
>
> > > This is not correct. VPN simply extends security policy to a different
> > > location. A VPN user must make sure that local security policy prevents
> > > other traffic from entering VPN connection.
> >
> > Given that the head of
> > This is not correct. VPN simply extends security policy to a different
> > location. A VPN user must make sure that local security policy prevents
> > other traffic from entering VPN connection.
>
> Given that the head of one of our three-letter-agencies managed to get
> this sort of thing wr
> On Mon Jan 27, 2003 at 03:03:09PM -0500, [EMAIL PROTECTED] wrote:
> > > Alex, although technically correct, its not practical. How many end users
> > > vpn in from home from say a public ip on their dsl modem leaving
> > > themselves open to attack but now also having this connection back to th
On Mon Jan 27, 2003 at 03:03:09PM -0500, [EMAIL PROTECTED] wrote:
> > Alex, although technically correct, its not practical. How many end users
> > vpn in from home from say a public ip on their dsl modem leaving
> > themselves open to attack but now also having this connection back to the
> > "S
On Mon, 27 Jan 2003 14:50:22 EST, [EMAIL PROTECTED] said:
> This is not correct. VPN simply extends security policy to a different
> location. A VPN user must make sure that local security policy prevents
> other traffic from entering VPN connection.
Given that the head of one of our three-letter
On Mon, 27 Jan 2003, Scott Granados wrote:
>
> Alex, although technically correct, its not practical. How many end users
> vpn in from home from say a public ip on their dsl modem leaving
> themselves open to attack but now also having this connection back to the
> "Secure" inside network. Has
> Alex, although technically correct, its not practical. How many end users
> vpn in from home from say a public ip on their dsl modem leaving
> themselves open to attack but now also having this connection back to the
> "Secure" inside network. Has anyone heard of any confirmed cases of this
>
Alex, although technically correct, its not practical. How many end users
vpn in from home from say a public ip on their dsl modem leaving
themselves open to attack but now also having this connection back to the
"Secure" inside network. Has anyone heard of any confirmed cases of this
yet?
On
> > Note that in the case of a worm, a VPN could work against you. If you
> > have all the right filters in place at your "perimeter" and yet let
> > your employees in through a VPN solution of some sort, you could still
> > be screwed if one of their home systems gets infected somehow.
>
> So wh
On Sat, Jan 25, 2003 at 06:47:49PM +, [EMAIL PROTECTED] said:
>
> > Third point to the correlation above: The vast majority of Windows admins
> > are dingbat-morons, self-proclaimed experts. Had then not been
> > dingbat-morons, and applied the readily available and widely announced
> > patche
On Sat, Jan 25, 2003 at 06:51:01PM +, [EMAIL PROTECTED] said:
>
>>> True altho it does appear to affect MS more so than it ought to even
>>> considering
>>> their market lead.
>>
>> What evidence do you have here? If I count the number of DDOS attacks
>> from insecure Linux boxes that we've se
It is entirely possible that my customer was referring to 2K-SP3. I
am glad to hear some positive _tested_ results on SQLSP3 with the new
worm.
-Steve
On Sat, Jan 25, 2003 at 06:43:56PM -0500, Dave Stewart eloquently stated:
>
> At 05:10 PM 1/25/2003, you wrote:
>
> >We have had multiple cust
From: "Tony Kapela"
>
>
>
>
> Maybe the underlying theme is that, for whatever reasons (market
> preassures, business idiocy?), we find ourselves on a network that's
> largely a collection of monoculture hosts -- win32 on x86.
>
It's been awhile, but both sendmail and cisco routers themselves ha
From: "Michael Lamoureux"
>
> Note that in the case of a worm, a VPN could work against you. If you
> have all the right filters in place at your "perimeter" and yet let
> your employees in through a VPN solution of some sort, you could still
> be screwed if one of their home systems gets infect
On 26 Jan 2003, Michael Lamoureux wrote:
>
> "dave" == Dave Stewart <[EMAIL PROTECTED]> writes:
>
> dave> I've seen various references to this worm firing off and
> dave> saturating networks worldwide within 1 minute... if *that* isn't
> dave> scary, I don't know what is. It shows that some
"dave" == Dave Stewart <[EMAIL PROTECTED]> writes:
dave> I've seen various references to this worm firing off and
dave> saturating networks worldwide within 1 minute... if *that* isn't
dave> scary, I don't know what is. It shows that someone, with the
dave> right tools and enough vulnerable ser
On Sat, 25 Jan 2003, K. Scott Bethke wrote:
> > Keep in mind that these problems aren't from 'well behaved' hosts, and
> > 'well behaved' hosts normally listen to ECN/tcp-window/Red/WRED
> > classic DoS attack scenario. :(
> I understand the evils, but are we really at the mercy of situation
hc wrote:
> I am on Verizon-GNI via Qwest and Genuity and seeing the same problem as
> well.
here's a plot showing the impact on BGP routing tables from seven ISPs
(plotted using route-views data):
http://www.research.att.com/~griffin/bgp_monitor/sql_worm.html
tim,
http://www.research.att.com
> I've seen various references to this worm firing off and saturating
> networks worldwide within 1 minute... if *that* isn't scary, I don't know
> what is. It shows that someone, with the right tools and enough vulnerable
> servers can take out a good portion of the Internet in seconds. And
If a customer is infected, then the problem is on their end. The fact that
they don't have throughput is their issue, not that of the provider's.
Many, many customers don't understand this - if they don't have throughput,
it's the provider's problem and the provider has to fix it. One of the
At 05:10 PM 1/25/2003, you wrote:
We have had multiple customers who had SP3 on their boxes that were
hit. SP3 was _supposed_ to include this patch, there is no
verification so far that it did.
Since all the providers have been blocking the attack spread from the
routers, installing SP3 on box
On Sat, Jan 25, 2003 at 10:02:54PM +, Christopher L. Morrow wrote:
>
> On Sat, 25 Jan 2003, Avleen Vig wrote:
> >
> > The market we are in was specifically bred by Microsoft in the 90's when
> > they claimed Windows was so eay to use, anyone could admin it.
> > They've since changed their tun
From: "K. Scott Bethke"
>
> Well not everyone plays fair out there. I imagine this is built into
SLA's
> too right? "My network will be up as long as everyone is well behaved"
>
You know that customers won't behave. Prepare for it.
> I understand the evils, but are we really at the mercy of sit
On Sat, Jan 25, 2003 at 08:56:06AM -0800, Bill Woodcock wrote:
>
> > > Dunno, arent they negligent?
> > > In any other industry a fundemental flaw would be met with lawsuits, in the
> > > computer world tho people seem to get around for some reason.
> >
> > Not true, look at c
MS SQL SP3, _NOT_ MS Windows 2000 SP3.
BIG DIFFERENCE.
http://www.microsoft.com/sql/downloads/2000/sp3.asp
On Sat, 25 Jan 2003, Stephen Milton wrote:
>
> We have had multiple customers who had SP3 on their boxes that were
> hit. SP3 was _supposed_ to include this patch, there is no
> verif
On Sat, Jan 25, 2003 at 02:10:59PM -0800, Stephen Milton wrote:
>
> We have had multiple customers who had SP3 on their boxes that were
> hit. SP3 was _supposed_ to include this patch, there is no
> verification so far that it did.
>
> Since all the providers have been blocking the attack sprea
From: "Robert A. Hayden"
> What about doing some priority-based QoS? If a single IP exceeds X amount
> of traffic, prioritize traffic above that threshold as low. It would keep
> any one single host from saturating a link if the threshold is low.
>
> For example, you may say that each IP is li
On Sun, 26 Jan 2003, Rafi Sadowsky wrote:
>
>
> ## On 2003-01-25 20:04 - Stephen J. Wilcox typed:
>
> SJW>
> SJW>
> SJW> Heres my advice to the uninitiated. Run linux, run firewalls, disable what you
> SJW> dont need and listen to folks who have real world experience.
> SJW>
> SJW> Stev
## On 2003-01-25 20:04 - Stephen J. Wilcox typed:
SJW>
SJW>
SJW> Heres my advice to the uninitiated. Run linux, run firewalls, disable what you
SJW> dont need and listen to folks who have real world experience.
SJW>
SJW> Steve
SJW>
Please don't start a flame war about this but are yo
MS> Date: Sat, 25 Jan 2003 10:17:01 -0800 (PST)
MS> From: Marc Slemko
MS> It is interesting to note that one inadvertent advantage of open
MS> source (when it requires people to compile from source, and pick
MS> and choose options at compile time... popular distributions with
MS> precompiled pac
On Sat, 25 Jan 2003, Avleen Vig wrote:
>
> On Sat, Jan 25, 2003 at 05:08:22PM +, Stephen J. Wilcox wrote:
> > > Also; everyone who just posted to this list made it abundantly clear that
> > > they don't have a firewall in front of at least one MS SQL server on their
> > > network. Should you
We have had multiple customers who had SP3 on their boxes that were
hit. SP3 was _supposed_ to include this patch, there is no
verification so far that it did.
Since all the providers have been blocking the attack spread from the
routers, installing SP3 on boxes post-attack hasn't really been pu
On Sat, 25 Jan 2003, Stephen J. Wilcox wrote:
>
> I've not looked at any great detail into the exact sources but of the few I
> looked at earlier I was surprised to find them on ADSL .. these may be corporate
> networks this is the bit I dont know but some of them seemed to be residential,
> weir
On Sat, 25 Jan 2003, Stephen J. Wilcox wrote:
>
> I've not looked at any great detail into the exact sources but of the few I
> looked at earlier I was surprised to find them on ADSL .. these may be corporate
> networks this is the bit I dont know but some of them seemed to be residential,
> weir
What about doing some priority-based QoS? If a single IP exceeds X amount
of traffic, prioritize traffic above that threshold as low. It would keep
any one single host from saturating a link if the threshold is low.
For example, you may say that each IP is limited to 10mb of prioirty
traffic.
On Sat, Jan 25, 2003 at 05:08:22PM +, Stephen J. Wilcox wrote:
> > Also; everyone who just posted to this list made it abundantly clear that
> > they don't have a firewall in front of at least one MS SQL server on their
> > network. Should you really have port 1433/4 open to the world? Would y
On Sat, 25 Jan 2003, Avleen Vig wrote:
>
> On Sat, Jan 25, 2003 at 12:20:41PM -0500, C. Jon Larsen wrote:
> >
> > On Sat, 25 Jan 2003, Avleen Vig wrote:
> >
> > [snip]
> >
> > > Let's not blame MS for admins who don't know how to secure their boxes
> > > :-)
> > > A patch was released mid-20
On Sat, 25 Jan 2003, K. Scott Bethke wrote:
>
> BIll,
> - Original Message -
> From: "Bill Woodcock" <[EMAIL PROTECTED]>
> > I'd agree with it. Except the herds of losers who still buy exploding
> > crap from Vendor M don't seem to be thinning themselves out quickly
>
> dude, the Explod
On Sat, 25 Jan 2003, Neil J. McRae wrote:
> > I think you are on the right lines below in suggesting that products and
> > services should be supplied safe and not require additional maintenance out of
> > the box to make them so (additional changes should make them weaker)
>
> There is no such
> Third point to the correlation above: The vast majority of Windows admins
> are dingbat-morons, self-proclaimed experts. Had then not been
> dingbat-morons, and applied the readily available and widely announced
> patches (as zealously as unix folks patch thier stuff), this'd be all
> moot, and
On Saturday 25 January 2003 10:03 am, Avleen Vig wrote:
> On Sat, Jan 25, 2003 at 12:20:41PM -0500, C. Jon Larsen wrote:
> > On Sat, 25 Jan 2003, Avleen Vig wrote:
> >
> > [snip]
> >
> > > Let's not blame MS for admins who don't know how to secure their
> > > boxes
> > >
> > > :-)
> > >
> > > A pa
On 1/25/03 2:53 PM, "Christopher L. Morrow" <[EMAIL PROTECTED]> wrote:
>
> Keep in mind that these problems aren't from 'well behaved' hosts, and
> 'well behaved' hosts normally listen to ECN/tcp-window/Red/WRED
> classic DoS attack scenario. :(
>
Well not everyone plays fair out there. I i
> I think you are on the right lines below in suggesting that products and
> services should be supplied safe and not require additional maintenance out of
> the box to make them so (additional changes should make them weaker)
There is no such thing as safe! You have control over what risks you w
> Not sure you can claim something you have for free is liable or with
> guarantee
Thats total rubbish. Whether you pay for it or not shouldn't matter.
You might also want to consider reading the various software agreement
licenses that come with various pieces of software both free and non-fr
At 11:56 AM 1/25/2003, Bill Woodcock wrote:
> > Dunno, arent they negligent?
> > In any other industry a fundemental flaw would be met with
lawsuits, in the
> > computer world tho people seem to get around for some reason.
>
> Not true, look at cars and recalls. Also as I u
> > True altho it does appear to affect MS more so than it ought to even considering
> > their market lead.
>
> What evidence do you have here? If I count the number of DDOS attacks
> from insecure Linux boxes that we've seen in the last year, I'd say that its
> on par.
I think you are on the
From: "Grant A. Kirkwood"
>
> Can we perhaps skip the post-traumatic blame syndrome this time? I can see
> where this is going already...
>
It's inevitable. Despite the early morning wakeups and people being required
to quit watching tv and actually troubleshoot and work on their network,
they a
> From: "Jack Bates" <[EMAIL PROTECTED]>
> To: "Avleen Vig" <[EMAIL PROTECTED]>, "Bill Woodcock"
<[EMAIL PROTECTED]>
> Cc: "Mikael Abrahamsson" <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
> Subject: Re: Level3
On Sat, 25 Jan 2003, Alex Rubenstein wrote:
> Including the developers of SSHD, HTTPD, NAMED, CVS?
>
> How about Linus? Wanna call him up?
>
> I am no windows cheerleader, but to think this is something that happens
> only in windows-land is whack -- might as well put your head in the sand.
It i
> Would it not also be a good idea/practice *not* to ever let a MS SQL
> server (or *any* database server) sit on a network that is directly
> accessible from the internet ? Having a firewall(s) in front of your
> database server regardless of the type is pretty much common sense, right?
>
>
On Sat, Jan 25, 2003 at 12:20:41PM -0500, C. Jon Larsen wrote:
>
> On Sat, 25 Jan 2003, Avleen Vig wrote:
>
> [snip]
>
> > Let's not blame MS for admins who don't know how to secure their boxes
> > :-)
> > A patch was released mid-2002 and was also part of SQL Server SP3
>
> Would it not also
BIll,
- Original Message -
From: "Bill Woodcock" <[EMAIL PROTECTED]>
> I'd agree with it. Except the herds of losers who still buy exploding
> crap from Vendor M don't seem to be thinning themselves out quickly
dude, the Exploding Cars are so much easier to drive than the ones from
Vendo
FYI we're not seeing any particular problems with Qwest here in Houston,
TX (connected off iah-edge-04).
Is anyone (CERT, etc.) starting to collect lists of affected hosts via
log submissions so we can get this stuff reported?
On Sat, 25 Jan 2003, Andy Dills wrote:
> Oh, and the master ticket nu
>From what I have read and researched, it does.
On Sat, 25 Jan 2003, Jack Bates wrote:
>
> From: "Avleen Vig"
>
> >
>
> > Let's not blame MS for admins who don't know how to secure their boxes
> > :-)
> > A patch was released mid-2002 and was also part of SQL Server SP3
> >
> >
>
> Has it b
On Sat, Jan 25, 2003 at 08:56:06AM -0800, Bill Woodcock wrote:
>
> > > Dunno, arent they negligent?
> > > In any other industry a fundemental flaw would be met with lawsuits, in the
> > > computer world tho people seem to get around for some reason.
> >
> > Not true, look at c
On Saturday 25 January 2003 09:08 am, Stephen J. Wilcox wrote:
> On Sat, 25 Jan 2003, Alex Rubenstein wrote:
> > On Sat, 25 Jan 2003, Stephen J. Wilcox wrote:
> > > > Somebody remind me why Microsoft is still allowed to exist?
> > >
> > > Dunno, arent they negligent?
> > >
> > > In any other indus
On Sat, 25 Jan 2003, Stephen J. Wilcox wrote:
> > How about Linus? Wanna call him up?
>
> Not sure you can claim something you have for free is liable or with guarantee
In today's legal climate, I bet you can :)
> > I am no windows cheerleader, but to think this is something that happens
> >
On Sat, 25 Jan 2003, Avleen Vig wrote:
[snip]
> Let's not blame MS for admins who don't know how to secure their boxes
> :-)
> A patch was released mid-2002 and was also part of SQL Server SP3
Would it not also be a good idea/practice *not* to ever let a MS SQL
server (or *any* database serve
On Sat, Jan 25, 2003 at 02:57:16AM -0500, Alex Rubenstein wrote:
>
> MS SQL, or SQL Monitor?
Are those two separate programs? I don't know; I'm not a windows guy. I
just watched over the shoulders of a few other techs as they shut what
appeared to be everything-MSSQL down. I just found the blink
From: "Avleen Vig"
>
> Let's not blame MS for admins who don't know how to secure their boxes
> :-)
> A patch was released mid-2002 and was also part of SQL Server SP3
>
>
Has it been verified that the mid-2002/SP3 patches work? I haven't heard
anything difinitive on this yet.
Jack Bates
Netwo
On Sat, 25 Jan 2003, Alex Rubenstein wrote:
>
> On Sat, 25 Jan 2003, Stephen J. Wilcox wrote:
>
> > > Somebody remind me why Microsoft is still allowed to exist?
> >
> > Dunno, arent they negligent?
> >
> > In any other industry a fundemental flaw would be met with lawsuits, in the
> > computer
> Dunno, arent they negligent?
>
> In any other industry a fundemental flaw would be met with lawsuits, in the
> computer world tho people seem to get around for some reason.
Not true, look at cars and recalls. Also as I understand it MS
issued a fix for this sometime ago - it the users who di
On Sat, 25 Jan 2003, Stephen J. Wilcox wrote:
> > Somebody remind me why Microsoft is still allowed to exist?
>
> Dunno, arent they negligent?
>
> In any other industry a fundemental flaw would be met with lawsuits, in the
> computer world tho people seem to get around for some reason.
>
> Steve
On Sat, 25 Jan 2003, Andy Dills wrote:
> Yet, with Genuity, I don't seem to be having difficulties reaching
> anywhere. Are people still being absolutely ravaged by the worm at this
> minute? I personally never saw any serious increase of traffic on my
> network, I guess I'm enough to have colo c
> > Dunno, arent they negligent?
> > In any other industry a fundemental flaw would be met with lawsuits, in the
> > computer world tho people seem to get around for some reason.
>
> Not true, look at cars and recalls. Also as I understand it MS
> issued a fix for this some
On Sat, Jan 25, 2003 at 01:13:30AM -0800, Bill Woodcock wrote:
>
> On Sat, 25 Jan 2003, Mikael Abrahamsson wrote:
> > > Lots of traffic on udp port 1434 coming in here via TW Telecom and Sprint
> > > Looks like we may have a winner for DDoS of the year (so far)
> > What kind of
On Sat, 25 Jan 2003, Bill Woodcock wrote:
>
> On Sat, 25 Jan 2003, Mikael Abrahamsson wrote:
> > > Lots of traffic on udp port 1434 coming in here via TW Telecom and Sprint
> > > Looks like we may have a winner for DDoS of the year (so far)
> > What kind of traffic levels are
> my transit traffic doubled (luckily it is the low time of the night for
> me) from 10-12ish
I work at a really large east coast University. Our sensors show the problem
starting between 12:30-12:45am this morning...
Eric :)
Interesting. Qwest is still extremely hosed; I can get routes from them,
but packets are not getting anywhere on their network NATIONWIDE,
according to the person I just talked to.
I asked if this was related to the new worm that popped up, and she didn't
know, she only knew that it was affectin
7;ve doubled my network traffic since 11:30ish PM CST...
> >
> > If anyone has an idea of whats going on...
> >
> > AS5006 is where I'm at.
> >
> > -Eric
> >
> > On Sat, 25 Jan 2003, Andy Dills wrote:
> >
> >> Date: Sat,
> Not just L3Genuity is getting whacked. ELI is getting whacked.
> Somebody needs to be gelded.
the worm is not limited to any isp/nsp
would advise all and sundry to start filtering
On Sat, 25 Jan 2003, Mikael Abrahamsson wrote:
> > Lots of traffic on udp port 1434 coming in here via TW Telecom and Sprint
> > Looks like we may have a winner for DDoS of the year (so far)
> What kind of traffic levels are you seeing?
I'm working on it for some friends, and I'
3 01:37:29 -0500 (EST)
From: Andy Dills <[EMAIL PROTECTED]>
To: Alex Rubenstein <[EMAIL PROTECTED]>
Cc: hc <[EMAIL PROTECTED]>, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
Subject: Re: Level3 routing issues?
On Sat, 25 Jan 2003, Alex Rubenstein wrote:
>
>
&g
and GBLX.
-Original Message-
From: Alex Rubenstein [mailto:[EMAIL PROTECTED]]
Sent: Sat 1/25/2003 1:04 AM
To: hc
Cc: [EMAIL PROTECTED]
Subject: Re: Level3 routing issues?
I dunno about that. But, I am seeing, in the last couple hours, all kinds
of new traffic.
like, customers
On Sat, 25 Jan 2003, Mikael Abrahamsson wrote:
> What kind of traffic levels are you seeing? With a handful of /16 etc
> we're not seeing more than 5-10 megabits of traffic according to my
> global transit graphs.
We had a IIS server in our collocation center start spewing data at 70mb/s
towards
Has someone reported the details to CERT yet?
Preferably someone who's got logs and such?
-george william herbert
[EMAIL PROTECTED]
From: "Mikael Abrahamsson"
>
> What kind of traffic levels are you seeing? With a handful of /16 etc
> we're not seeing more than 5-10 megabits of traffic according to my
> global transit graphs.
>
> People who havent null routed their unused prefixes properly will probably
> see a lot of problem
* Josh Richards <[EMAIL PROTECTED]> [20030124 23:25]:
>
> Same here. We first saw what looked like a DoS at about
> 09:00 PST. We're seeing strange stuff all over the place.
Oops, meant to say 09:30 PST.
-jr
Josh Richards
Geek Research, LLC - Digital West Networks, Inc - San Luis Ob
1 - 100 of 132 matches
Mail list logo