Hard data on network impact of the "Code Red" worm?

Hank Nussbacher hank at att.net.il
Tue Jul 31 06:40:48 UTC 2001


At 16:29 30/07/01 -0700, Sean Donelan wrote:

>On Mon, 30 July 2001, Christian Kuhtz wrote:
> > Your logic is flawed.  If this was true, zombie networks would be largely
> > ineffective.  The current mutation is nothing more than an automated zombie
> > distribution network, with all fun options of current zombie networks such as
> > remote control, remote upgrades etc...
> >
> > You may want to read up on the details of this one, like the presentation at
> > the bottom of http://www.digitalisland.net/codered/
>
>If "code red" is nothing more than what we've been seeing for years,
>why the special CNN reports every half-hour, and the joint press
>conference with our fearless leaders today?  What makes "code red"
>so extraordinary it merits this special response, when previous
>"zombie" networks didn't?  I have a hard time seeing how "Code Red"
>will ever live up to the advance hype on August 1.  Is Don King
>managing the pay-per-view for this event?  Michelangelo Vs. Code Red.

In this case, IMO, the hype was warranted.  If not for the 2 code errors in 
Code Red, this worm, using 300K zombies at 50Mb/sec each would have hit the 
Internet with about 15Tb/sec of aggregate traffic.  The next time, we all 
won't be so lucky.


>Why don't we just have an annual, let's update your Microsoft software
>patches day.  Every year the press can get on the bandwagon and
>remind us about changing the batteries in our smoke detectors and
>downloading the latest patches.
>
>There are a lot of flawed systems out there.  Downloading a couple
>of patches for "Code Red" isn't enough to protect your system from
>all the other things.  I'm worried the joint press release is doing
>a disservice if people have a false sense of security because they
>protected themselves from "code red."
>
>On the other hand, will Wednesday really be that much different from
>any other Wednesday with the normal thousand DDOS attacks happening,
>and normal spam, and normal e-mail/macro viruses, and normal zombies?

The Mafiaboy 100 zombies or recent IRC zombie-nets of 1800 zombies pale in 
comparison to 300K infected systems.   IRC zombie-nets target cable modem 
and ADSL users.  They typically can pump out 1Mb/sec of traffic.  On the 
other hand, your typical web server is usually situated on much more 
bandwidth - typically FastEthernet.  So targeting IIS servers is a sure 
way of maximizing your zombie power (the only more powerful worm would be 
an Apache zombie which has about 18M potential clients or a bind worm-zombie).


>I think it's a bit premature to predict the end of the Internet on
>August 1.

It won't happen this time, but the next time, we may not be so lucky.

-Hank




