[55100] in North American Network Operators' Group


Worm on 1434 (was Re: Level3 routing issues?)

daemon@ATHENA.MIT.EDU (Mike Tancsa)
Sat Jan 25 09:11:53 2003

Date: Sat, 25 Jan 2003 02:21:32 -0500
To: Aaron Burnett <listkeep@yet-another.com>
From: Mike Tancsa <mike@sentex.net>
Cc: Alex Rubenstein <alex@nac.net>, hc <haesu@towardex.com>,
	"nanog@merit.edu" <nanog@merit.edu>
In-Reply-To: <Pine.LNX.4.44.0301250118590.31773-100000@vengeful.webgods.net>
Errors-To: owner-nanog-outgoing@merit.edu



Same here, I thought at first it was some really strange effect of my ATM 
switch upgrade as the traffic started almost at the exact same time.  I am 
seeing a 100% increase in traffic right now and a chunk of my colo 
customer's machines are infected.

         ---Mike

At 01:19 AM 1/25/2003 -0500, Aaron Burnett wrote:


>On Sat, 25 Jan 2003, Alex Rubenstein wrote:
>
> >
> >
> > I dunno about that. But, I am seeing, in the last couple hours, all kinds
> > of new traffic.
> >
> > like, customers who never get attacked or anything, all of a sudden:
> >
> > http://mrtg.nac.net/switch9.oct.nac.net/3865/switch9.oct.nac.net-3865.html
> >
> >
> > We are seeing this on ports all across our network -- nearly 1/2 our ports
> > are in delta alarm right now.
> >
> > Anyone else?
> >
>
>Yep. Since about 12:30 am. Getting pounded on UDP port 1434 from all over
>the world to any address on my network.

--------------------------------------------------------------------
Mike Tancsa,                          	          tel +1 519 651 3400
Sentex Communications,     			  mike@sentex.net
Providing Internet since 1994                    www.sentex.net
Cambridge, Ontario Canada			  www.sentex.net/mike

