Wired mag article on spammers playing traceroute games with trojaned

Jeff Kell jeff-kell at utc.edu
Fri Oct 10 01:52:03 UTC 2003


Laurence F. Sheldon, Jr. wrote:

> Margie Arbon wrote:

>>With all due respect, we have a *problem*. End user machines on
>>broadband connections are being misconfigured and/or compromised in
>>frightening numbers.  These machines are being used for everything
>>from IRC flooder to spam engines, to DNS servers to massive DDoS
>>infrastructure. If the ability of a teenager to launch a gb/s DDoS,
>>or of someone DoSing mailservers off the internet with a trojan that
>>contains a spam engine is not operational, perhaps it's just me
>>that's confused.

> I believe that to be one of the most succinct summaries of the issues
> as I have read.

I concur whole-heartedly.  Add on the background noise of still 
unpatched Code Red, Nimda, SQL Slammer, Blaster, and the scanning for 
open servers (ftp, smtp, proxy, squid, socks, wingate, etc) and we are 
talking about a considerable amount of [malicious] bandwidth waste.
Adding further to that we have ridiculous quantities of ICMP spewing 
from Nachi/Welchia infections.

The average household broadband connections are indeed being 
compromised, but our "threshold of pain" seems to be exponentially 
growing as the background noise gets louder and louder, and unusual 
spikes get drowned out by P2P.  It takes a major catastrophe like 
Slammer or Blaster to get anyone's attention anymore (above the abuse 
reports from IWFs (Idiots With [personal] Firewalls)).

Jeff



