Nachi/Welchia Aftermath
Rubens Kuhl Jr.
rubens at email.com
Wed Jan 21 00:16:03 UTC 2004
Not all L3-switches are flow-based; prefix-based ones should do just fine.
Can people add/correct this initial list ?
Flow-based: Foundry with IronCore modules, Cisco Catalyst 6500 with Sup1(A)
Prefix-based: Foundry with JetCore modules, Cisco Catalyst 6500/7600 with
Sup2(A), Sup3(A/BXL)
Rubens
----- Original Message -----
From: <haesu at towardex.com>
To: "Brent Van Dussen" <vandusb at attens.com>
Cc: "NANOG" <nanog at merit.edu>
Sent: Tuesday, January 20, 2004 9:46 PM
Subject: Re: Nachi/Welchia Aftermath
>
> lesson learned:
> stop using /makeshift/ layer3 switches (without naming vendor) to run
> L3 core
>
> -J
>
> On Tue, Jan 20, 2004 at 02:22:52PM -0800, Brent Van Dussen wrote:
> >
> > Well folks, since the middle of August I've been tracking the spread and
> > subsequent efforts by our community to stop the nachia/welchia infection
> > that took down so many networks.
> >
> > Sadly, by my estimations, only about 20-30% of infected hosts were
> > cleaned. After Jan 1, 2004 it appears that the thousands, (millions?)
of
> > remaining infected hosts were rebooted and the worm removed
> > itself. Network traffic has finally returned to normal.
> >
> > What kind of effects did everyone see from this devastating worm and
what
> > lessons did we learn for preventing network downtime in the future?
>
> --
> James Jun (formerly Haesu)
> TowardEX Technologies, Inc.
> 1740 Massachusetts Ave.
> Boxborough, MA 01719
> Consulting, IPv4 & IPv6 colocation, web hosting, network design &
implementation
> http://www.towardex.com | james at towardex.com
> Cell: (978)394-2867 | Office: (978)263-3399 Ext. 170
> Fax: (978)263-0033 | AIM: GigabitEthernet0
> NOC: http://www.twdx.net | POC: HAESU-ARIN, HDJ1-6BONE
>
More information about the NANOG
mailing list