[65304] in North American Network Operators' Group
Re: Increase in traffic to/from DSL subs since August?
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Thu Nov 20 16:29:39 2003
From: "Steven M. Bellovin" <smb@research.att.com>
To: "Jared B. Reimer" <jared@theriver.com>
Cc: nanog@merit.edu
In-Reply-To: Your message of "Thu, 20 Nov 2003 13:00:35 PST."
<6.0.0.22.2.20031120125430.031eaeb0@LOCALHOST>
Date: Thu, 20 Nov 2003 16:28:59 -0500
Errors-To: owner-nanog-outgoing@merit.edu
In message <6.0.0.22.2.20031120125430.031eaeb0@LOCALHOST>, "Jared B. Reimer" wr
ites:
>
>Greetings.
>
>Another independent ISP operator and I have noticed a pretty significant
>increase in traffic to and from our broadband (DSL) subscribers since
>August. It's been a fairly steady uptick, at least in my case, resulting
>in a doubling of overall average traffic to/from these folks since then.
>
>Have others seen a similar trend? Any thoughts as to what the cause may
>be? Our best guess a virus/worm, possibly being used as a spam relay or
>other proxy at this point...
>
At the IETF Plenary, Bernard Aboba showed a graph of spam, with a
marked uptick since SoBig.F in August. My guess is worm-deposited spam
relays, though Joel's guess of Nachi or Welchia can't be ruled out,
either, without flow data.
--Steve Bellovin, http://www.research.att.com/~smb
