[55101] in North American Network Operators' Group


Re: New worm / port 1434?

daemon@ATHENA.MIT.EDU (Scott Call)
Sat Jan 25 09:19:05 2003

Date: Sat, 25 Jan 2003 02:11:24 -0800 (PST)
From: Scott Call <scall@devolution.com>
To: <nanog@nanog.org>
In-Reply-To: <007501c2c445$ec791160$f378a541@amplex.net>
Errors-To: owner-nanog-outgoing@merit.edu


I'm seeing obscene amounts of 1434/udp traffic at my transit and peering
points.  I've filtered it out in both directions everywhere my network
touches the outside world.  It's almost 20% of my traffic at this point.

I think I've calmed the internal storm so far, but we'll see.

I saw reference to an ICMP "trigger" packet.  Is there any info on this and
is it possible to filter for it w/o killing all ICMP traffic?  It'd be
nice to know I won't have any more routers or switches fall over tonight.
Colo customers seem to be the worst off, the rate limiting kills the
router or the traffic kills the backbone.  decisions, decisions...

-S



-- 
Scott Call	Router Geek, ATGi, home of $6.95 Prime Rib
"Nothing is less productive than to make more efficient what should not be
 done at all." -Peter Drucker

