[32354] in North American Network Operators' Group
Re: Operational impact of filtering SMB/NETBIOS traffic?
daemon@ATHENA.MIT.EDU (David Avery)
Sun Nov 19 23:26:01 2000
Date: Sun, 19 Nov 2000 21:23:40 -0700
From: David Avery <daa@rmi.net>
To: Mike Johnson <mike.johnson@isunnetworks.com>, nanog@merit.edu
Message-ID: <20001119212339.A22670@daa.dyndns.org>
Mail-Followup-To: David Avery <daa@rmi.net>,
Mike Johnson <mike.johnson@isunnetworks.com>, nanog@merit.edu
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20001119220445.B1728@i-sun.net>; from mike.johnson@isunnetworks.com on Sun, Nov 19, 2000 at 10:04:45PM -0500
Errors-To: owner-nanog-outgoing@merit.edu
I would hope leased line/colo machines would be better set up, but I am probably
dreaming.

Just for reference, I am one of the net/security admins at distributed.net
and there are a number of win* worms running around in the wild carrying
the distributed.net client as part of their payload.

So far in the past 3 months (since the worms appeared) I have logged
over 400,000 unique IP addresses returning data to distributed.net
from installs created by the worms. We have spot checked a number of
these IPs and find win9x boxes with open C shares and signs of multiple
infestations including QAZ and other DDoS payloads.

daa
daa@distributed.net