Worm Bandwidth [was Re: Santa Fe city government computers knocked out by worm]

Sean Donelan sean at donelan.com
Tue Nov 25 04:00:22 UTC 2003

On Mon, 24 Nov 2003, Stuart Staniford wrote:
> So it would seem that worms are, at a minimum, not a simple or
> unproblematic capacity management problem.

Things are rarely as simple as they appear.  Even buying a military
grade black box may not solve the worm problem.

There are some natural choke points in the Internet between ISPs and
customers.  The customer may have a 1000 Mbps GigE LAN and the ISP may
have an OC192 backbone, but the link between them is normally much
smaller. Slammer, Blaster, etc had very little impact on the major ISP
backbones, but did severaly congest some of the smaller choke points.  Go
ahead and ask UUNET, Sprint, AT&T, etc. what impact the worms had their

ISPs don't have (much) control over third-party computers. But they can
control their network capacity.  Of course, its not a complete solution.
If you are a mid-level ISP, you may have a choke point to your customer
but are vulnerable from your upstream provider. A better designed worm
could impact even major backbones.

More information about the NANOG mailing list