Worm on 1434 (was Re: Level3 routing issues?)
Mike Tancsa
mike at sentex.net
Sat Jan 25 07:21:32 UTC 2003
Same here, I thought at first it was some really strange effect of my ATM
switch upgrade as the traffic started almost at the exact same time. I am
seeing a 100% increase in traffic right now and a chunk of my colo
customer's machines are infected.
---Mike
At 01:19 AM 1/25/2003 -0500, Aaron Burnett wrote:
>On Sat, 25 Jan 2003, Alex Rubenstein wrote:
>
> >
> >
> > I dunno about that. But, I am seeing, in the last couple hours, all kinds
> > of new traffic.
> >
> > like, customers who never get attacked or anything, all of a sudden:
> >
> >
> http://mrtg.nac.net/switch9.oct.nac.net/3865/switch9.oct.nac.net-3865.html
> >
> >
> > We are seeing this on ports all across out network -- nearly 1/2 our ports
> > are in delta alarm right now.
> >
> > Anyone else?
> >
>
>Yep. Since about 12:30 am. Getting pounded on UDP port 1434 from all over
>the world to any address on my network.
--------------------------------------------------------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike at sentex.net
Providing Internet since 1994 www.sentex.net
Cambridge, Ontario Canada www.sentex.net/mike
More information about the NANOG
mailing list