[42591] in North American Network Operators' Group
Re: Worm probes
daemon@ATHENA.MIT.EDU (Joe Abley)
Tue Sep 18 11:57:32 2001
Date: Tue, 18 Sep 2001 11:49:03 -0400
From: Joe Abley <jabley@automagic.org>
To: up@3.am
Cc: nanog@merit.edu
Message-ID: <20010918114903.N52922@buffoon.automagic.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <Pine.BSF.4.10.10109181101540.36780-100000@richard2.pil.net>
Errors-To: owner-nanog-outgoing@merit.edu
On Tue, Sep 18, 2001 at 11:05:35AM -0400, up@3.am wrote:
> ugh...this is way more impact...a 128k ISDN customer running an NT/Win2k
> box is at 100% BW, and my 2x T1's are at about 2x normal traffic for this
> time of day, although still well short of capacity...apache server
> processor load is WAY up just from the requests, and the logs are growing
> like mad.
I'm sitting behind a dialup box right now, and I just added a log
clause to an ipf rule matching connection attempts to port 80.
I'm averaging 35 probes per minute. Blocking them is quite beneficial
to performance on a v.34 connection :)
Joe
