Abuse.cc ???
Jack Bates
jbates at brightok.net
Sat Apr 5 17:16:11 UTC 2003
Matthew S. Hallacy wrote:
>
> How was this traffic causing harm to your network? I'd rather have them
> dealing with people actively breaking into systems, DoS'ing, etc than
> terminating some customer who's probably infected with the latest
> microsoft worm.
>
Worm control is important. If we let them run rampant, then they will
build up to a critical mass and become DOS quality. One of my transit
customers was ignoring the worm reports I was sending him. Interesting
enough, he DOS'd his own routers as several of the people infected were
behind NAT generating 11,000 connections in less than a minute. Ever
seen a C3640 with 11,000 NAT translations? In this case, it's a customer
that didn't have high end equipment. If he'd had high end equipment,
then others would suffer the performance hit, not to mention extra noise
making it harder to detect purposeful scans and attacks. Some worms,
like Code Red, cause a DOS on web enabled equipment as well. The F
variant, for example, will shut down Net2Net dslams, some cisco
equipement, and I'm sure a lot of other things.
-Jack
More information about the NANOG
mailing list