[55251] in North American Network Operators' Group
Re: Level3 routing issues?
daemon@ATHENA.MIT.EDU (Matthew Kaufman)
Sat Jan 25 23:00:17 2003
From: matthew@eeph.com (Matthew Kaufman)
Date: Sat, 25 Jan 2003 19:26:49 PST
In-Reply-To: Dave Stewart <dbs@dbscom.com>
"Re: Level3 routing issues?" (Jan 25, 20:32)
To: Dave Stewart <dbs@dbscom.com>, nanog@merit.edu
Cc: matthew@eeph.com
Errors-To: owner-nanog-outgoing@merit.edu
> I've seen various references to this worm firing off and saturating
> networks worldwide within 1 minute... if *that* isn't scary, I don't know
> what is. It shows that someone, with the right tools and enough vulnerable
> servers can take out a good portion of the Internet in seconds. And how
> can we predict *every* possible issue and block it?
The good news with this worm was that the ports it used had low real utility
for inter-provider traffic. Compare and contrast to Code Red, where "block
TCP port 80" isn't such a great way to slow down the worm if you have any
customers who like to use "the web"
A combination of the speed at which this spread and a port nobody wants to
block will undoubtedly happen in the future, and be ugly, both.
Matthew Kaufman
matthew@eeph.com (home)
mkaufman@dsl.net (work)
