[65306] in North American Network Operators' Group
Re: Increase in traffic to/from DSL subs since August?
daemon@ATHENA.MIT.EDU (Petri Helenius)
Thu Nov 20 16:49:04 2003
Date: Thu, 20 Nov 2003 23:47:58 +0200
From: Petri Helenius <pete@he.iki.fi>
To: "Jared B. Reimer" <jared@theriver.com>
Cc: nanog@merit.edu
In-Reply-To: <6.0.0.22.2.20031120125430.031eaeb0@LOCALHOST>
Errors-To: owner-nanog-outgoing@merit.edu
Jared B. Reimer wrote:
>
> Greetings.
>
> Another independent ISP operator and I have noticed a pretty
> significant increase in traffic to and from our broadband (DSL)
> subscribers since August. It's been a fairly steady uptick, at least
> in my case, resulting in a doubling of overall average traffic to/from
> these folks since then.
>
> Have others seen a similar trend? Any thoughts as to what the cause
> may be? Our best guess a virus/worm, possibly being used as a spam
> relay or other proxy at this point...
>
Welchia would generate large amounts of traffic from the subscribers but
not really that
much towards them because it sends itīs traffic to random IP prefixes,
thus possibility
of hitting local prefixes is not that great. (cannot remember if it had
some bias)
Most consumer heavy networks which used to have spare capacity in the DSL
access enjoy instant traffic growth if they or their upstream upgrades
their peers,
making more bandwidth available to p2p applications.
And last, not least, zombierunners from certain netblocks probably send
instructions to
your users to spew messages around the world advertising their wares.
Just as a side note, we recently announced product to automatically
sandbox and un-sandbox infected machines. Works with dynamic
addresses also.
Pete
