[67015] in North American Network Operators' Group


Re: Impending (mydoom) DOS attack

daemon@ATHENA.MIT.EDU (Mike Tancsa)
Fri Jan 30 20:10:49 2004

Date: Fri, 30 Jan 2004 20:07:28 -0500
To: nanog@merit.edu
From: Mike Tancsa <mike@sentex.net>
In-Reply-To: <20040131001743.GA41281@ussenterprise.ufp.org>
Errors-To: owner-nanog-outgoing@merit.edu



Are there any reliable estimates as to the number of infected hosts out
there?  Looking at my stats for email sent this week, I am seeing a 70:1 
ratio for mydoom.a as compared to Swen.a (the next most prevalent virus). 
Perhaps if we had some rough #s to work with we could start to approximate 
the range of traffic volumes we might see.

         ---Mike

At 07:17 PM 30/01/2004, Leo Bicknell wrote:

>Having looked for some information to educate myself and my employer,
>I will say a weakness right now is that there is limited info about
>this worm.  I have yet to see any good information on how effective
>the attack might be, or what some basic prevention steps (e.g.
>filtering) might do to the worm.
>
>Backbones don't often have people that disassemble worms.  It would
>be nice to find some way for the anti-virus companies to share more
>details quicker with various backbones in order to effectively
>combat the DDOS portion of worms.
>
>If anyone has any good analysis on the current worm (other than "it
>attacks www.sco.com"), that would be welcome.
>
>--
>        Leo Bicknell - bicknell@ufp.org - CCIE 3440
>         PGP keys at http://www.ufp.org/~bicknell/
>Read TMBG List - tmbg-list-request@tmbg.org, www.tmbg.org

