Increase in traffic to/from DSL subs since August?

Suresh Ramasubramanian suresh at
Fri Nov 21 02:27:13 UTC 2003

Steven M. Bellovin writes on 11/20/2003 4:28 PM:

> At the IETF Plenary, Bernard Aboba showed a graph of spam, with a 
> marked uptick since SoBig.F in August.  My guess is worm-deposited spam
> relays, though Joel's guess of Nachi or Welchia can't be ruled out, 
> either, without flow data.

A ballpark estimate from a couple of friends who run small cable ISPs in 
India, and from a look at our mailserver log stats, says that yes, this 
is mostly because of open proxies and trojans infecting unpatched 
windows machines on broadband.  Swen, MiMail and Jeem.mail.pv seem to be 
the worst offenders wrt spamming trojans, right now.

Nachi and Welchia are almost as bad.  I'd say blame can be split equally 
between the two.

srs (postmaster|suresh) // gpg : EDEDEFB9
manager, security and antispam operations

More information about the NANOG mailing list