[66680] in North American Network Operators' Group
Nachi/Welchia Aftermath
daemon@ATHENA.MIT.EDU (Brent Van Dussen)
Tue Jan 20 17:23:38 2004
Date: Tue, 20 Jan 2004 14:22:52 -0800
To: NANOG <nanog@merit.edu>
From: Brent Van Dussen <vandusb@attens.com>
Errors-To: owner-nanog-outgoing@merit.edu
Well folks, since the middle of August I've been tracking the spread and
subsequent efforts by our community to stop the nachia/welchia infection
that took down so many networks.
Sadly, by my estimations, only about 20-30% of infected hosts were
cleaned. After Jan 1, 2004 it appears that the thousands, (millions?) of
remaining infected hosts were rebooted and the worm removed
itself. Network traffic has finally returned to normal.
What kind of effects did everyone see from this devastating worm and what
lessons did we learn for preventing network downtime in the future?
