worm information

• Previous message (by thread): worm information
• Next message (by thread): worm information
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Ravi,

One of the responses to this thread mentioned a 3COM switch.  One of the
infected sites has a 3COM superstack 1100.  I'm not a 3COM fan but these
switches have been up for years, literally.  All it takes to make this
switch reboot is a flow from one infected host.  I'm going to try to move
the web interface port away from 80.  Thank you.

Regards,
Christopher J. Wolff, VP CIO
Broadband Laboratories, Inc.
http://www.bblabs.com

> -----Original Message-----
> From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu] On Behalf Of
> ravi pina
> Sent: Saturday, April 10, 2004 11:44 AM
> To: Christopher J. Wolff
> Cc: ravi at cow.org; 'Darrell Greenwood'; 'nanog list'
> Subject: Re: worm information
> 
> 
> hmm, honestly i can't vouch for the data rate personally.
> a co-worker said the counters on the VPN connections were
> grossly disproportionate for a short time sample.
> 
> bottom line, it is indeed annoying.  i know my server
> and desktop groups have been having a hell of a time
> disinfecting hosts.  i know part of this was that
> symantec, at the time, said it may be a polymorphic
> strain.
> 
> -r

• Previous message (by thread): worm information
• Next message (by thread): worm information
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]