[63768] in North American Network Operators' Group


Re: Wired mag article on spammers playing traceroute games with trojaned

daemon@ATHENA.MIT.EDU (Jeff Kell)
Thu Oct 9 21:59:50 2003

Date: Thu, 09 Oct 2003 21:52:03 -0400
From: Jeff Kell <jeff-kell@utc.edu>
To: "Laurence F. Sheldon, Jr." <larrysheldon@cox.net>
Cc: Margie Arbon <margie@mail-abuse.org>,
	Susan Harris <srh@merit.edu>, NANOG <nanog@merit.edu>
In-Reply-To: <3F8600F3.E4503D89@cox.net>
Errors-To: owner-nanog-outgoing@merit.edu


Laurence F. Sheldon, Jr. wrote:

> Margie Arbon wrote:

>>With all due respect, we have a *problem*. End user machines on
>>broadband connections are being misconfigured and/or compromised in
>>frightening numbers.  These machines are being used for everything
>>from IRC flooder to spam engines, to DNS servers to massive DDoS
>>infrastructure. If the ability of a teenager to launch a gb/s DDoS,
>>or of someone DoSing mailservers off the internet with a trojan that
>>contains a spam engine is not operational, perhaps it's just me
>>that's confused.

> I believe that to be one of the most succinct summaries of the issues
> as I have read.

I concur whole-heartedly.  Add on the background noise of still 
unpatched Code Red, Nimda, SQL Slammer, Blaster, and the scanning for 
open servers (ftp, smtp, proxy, squid, socks, wingate, etc) and we are 
talking about a considerable amount of [malicious] bandwidth waste.
Adding further to that we have ridiculous quantities of ICMP spewing 
from Nachi/Welchia infections.

The average household broadband connections are indeed being 
compromised, but our "threshold of pain" seems to be exponentially 
growing as the background noise gets louder and louder, and unusual 
spikes get drowned out by P2P.  It takes a major catastrophe like 
Slammer or Blaster to get anyone's attention anymore (above the abuse 
reports from IWFs (Idiots With [personal] Firewalls)).

Jeff

