Code Red Hammering Away
William Allen Simpson
wsimpson at greendragon.com
Sat Aug 4 23:44:47 UTC 2001
Sameh Ghane wrote:
>
> Sorry, but this worm caused more damages to mailing lists than anything
> else, on the Internet. Looks more like a chain-letter...
Dunno why you would think this was other than operational. As a small
provider serving almost entirely dial-up, we still have enough of this
to swamp almost entirely all of our outbound links. And as soon as
we kill them, they pop up on another IP. The support costs are going
to hurt, bad.
Inbound isn't too bad, I guess CEF and WFQ works to protect individual
machines from overload at T1 rates.
We won't have much of an attack problem on our own machines, as we are
a Macintosh/Linux/OpenBSD shop. We have only 2 Windows machines to
train tech support....
Meanwhile, the SirCam worm is eating disk space, and we have folks
calling because it takes too long to download their mail, or the POP
session fails entirely (another M$ problem with large messages).
The support costs are hurting on this, too.
It seems to me that somebody needs to write a version of Code Red that
wipes all .exe and .dll in the windows directory, forcing an update
of both windows and office.
Anybody game?
--
William Allen Simpson
Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32
More information about the NANOG
mailing list