[61426] in North American Network Operators' Group
Re: Sobig.f surprise attack today
daemon@ATHENA.MIT.EDU (Mike Tancsa)
Thu Aug 28 16:28:10 2003
Date: Thu, 28 Aug 2003 16:24:48 -0400
To: Petri Helenius <pete@he.iki.fi>
From: Mike Tancsa <mike@sentex.net>
Cc: nanog@merit.edu
In-Reply-To: <3F4E6292.8090601@he.iki.fi>
Errors-To: owner-nanog-outgoing@merit.edu
At 11:14 PM 28/08/2003 +0300, Petri Helenius wrote:
>Mike Tancsa wrote:
>
>>
>>I dont think this would work too well. The users who are infected often=
=20
>>think something is wrong because their connection and computer are not=20
>>working quite right. So they disconnect / reconnect / reboot so they burn=
=20
>>through quite a few dynamic IP addresses along the way.
>This is an artifact of ISP=B4s wanting to have static IP=B4s as an add-on=
=20
>premium service
>so they provide short lease times and change IP as often as it=B4s feasible=
=20
>without
>interrupting service unneccessarily.
Huh ? This is an artifact of the way PM3s and MAX 6096s work with respect=
=20
to how IP addresses are assigned out of pools.... i.e. this is the default=
=20
behaviour. The same goes for our DSL pool.
---Mike=20
