Impending (mydoom) DOS attack
Mike Tancsa
mike at sentex.net
Sat Jan 31 01:07:28 UTC 2004
Are there any reliable estimates as to the amount of infected hosts out
there? Looking at my stats for email sent this week, I am seeing a 70:1
ratio for mydoom.a as compared to Swen.a (the next most prevalent virus).
Perhaps if we had some rough #s to work with we could start to approximate
the range of traffic volumes we might see.
---Mike
At 07:17 PM 30/01/2004, Leo Bicknell wrote:
>Having looked for some information to educate myself and my employer,
>I will say a weakness right now is that there is limited info about
>this worm. I have yet to see any good information on how effective
>the attack might be, or what some basic prevention steps (eg
>filtering) might do to the worm.
>
>Backbones don't often have people that disassemble worms. It would
>be nice to find some way for the anti-virus companies to share more
>details quicker with various backbones in order to effectively
>combat the DDOS portion of worms.
>
>If anyone has any good analysis on the current worm (other than "it
>attacks www.sco.com"), that would be welcome.
>
>--
> Leo Bicknell - bicknell at ufp.org - CCIE 3440
> PGP keys at http://www.ufp.org/~bicknell/
>Read TMBG List - tmbg-list-request at tmbg.org, www.tmbg.org
More information about the NANOG
mailing list