Abuse.cc ???

• Previous message (by thread): Abuse.cc ???
• Next message (by thread): Abuse.cc ???
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Matthew S. Hallacy wrote:
> 
> How was this traffic causing harm to your network? I'd rather have them
> dealing with people actively breaking into systems, DoS'ing, etc than
> terminating some customer who's probably infected with the latest 
> microsoft worm.
> 

Worm control is important. If we let them run rampant, then they will 
build up to a critical mass and become DOS quality. One of my transit 
customers was ignoring the worm reports I was sending him. Interesting 
enough, he DOS'd his own routers as several of the people infected were 
behind NAT generating 11,000 connections in less than a minute. Ever 
seen a C3640 with 11,000 NAT translations? In this case, it's a customer 
that didn't have high end equipment. If he'd had high end equipment, 
then others would suffer the performance hit, not to mention extra noise 
making it harder to detect purposeful scans and attacks. Some worms, 
like Code Red, cause a DOS on web enabled equipment as well. The F 
variant, for example, will shut down Net2Net dslams, some cisco 
equipement, and I'm sure a lot of other things.


-Jack

• Previous message (by thread): Abuse.cc ???
• Next message (by thread): Abuse.cc ???
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]