[69405] in North American Network Operators' Group


RE: worm information

daemon@ATHENA.MIT.EDU (Christopher J. Wolff)
Sat Apr 10 14:50:30 2004

From: "Christopher J. Wolff" <chris@bblabs.com>
To: <ravi@cow.org>
Cc: "'Darrell Greenwood'" <lists2@telus.net>,
	"'nanog list'" <nanog@merit.edu>
Date: Sat, 10 Apr 2004 11:50:00 -0700
In-Reply-To: <20040410184337.GS58410@happy.cow.org>
Errors-To: owner-nanog-outgoing@merit.edu


Ravi,

One of the responses to this thread mentioned a 3COM switch.  One of the
infected sites has a 3COM superstack 1100.  I'm not a 3COM fan but these
switches have been up for years, literally.  All it takes to make this
switch reboot is a flow from one infected host.  I'm going to try to move
the web interface port away from 80.  Thank you.

Regards,
Christopher J. Wolff, VP CIO
Broadband Laboratories, Inc.
http://www.bblabs.com

> -----Original Message-----
> From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of
> ravi pina
> Sent: Saturday, April 10, 2004 11:44 AM
> To: Christopher J. Wolff
> Cc: ravi@cow.org; 'Darrell Greenwood'; 'nanog list'
> Subject: Re: worm information
> 
> 
> hmm, honestly i can't vouch for the data rate personally.
> a co-worker said the counters on the VPN connections were
> grossly disproportionate for a short time sample.
> 
> bottom line, it is indeed annoying.  i know my server
> and desktop groups have been having a hell of a time
> disinfecting hosts.  i know part of this was that
> symantec, at the time, said it may be a polymorphic
> strain.
> 
> -r


