Impending (mydoom) DOS attack

Mike Tancsa mike at sentex.net
Sat Jan 31 01:07:28 UTC 2004



Are there any reliable estimates as to the number of infected hosts out 
there?  Looking at my stats for email sent this week, I am seeing a 70:1 
ratio for mydoom.a as compared to Swen.a (the next most prevalent virus). 
Perhaps if we had some rough #s to work with we could start to approximate 
the range of traffic volumes we might see.

         ---Mike

At 07:17 PM 30/01/2004, Leo Bicknell wrote:

>Having looked for some information to educate myself and my employer,
>I will say a weakness right now is that there is limited info about
>this worm.  I have yet to see any good information on how effective
>the attack might be, or what some basic prevention steps (e.g.
>filtering) might do to the worm.
>
>Backbones don't often have people that disassemble worms.  It would
>be nice to find some way for the anti-virus companies to share more
>details quicker with various backbones in order to effectively
>combat the DDOS portion of worms.
>
>If anyone has any good analysis on the current worm (other than "it
>attacks www.sco.com"), that would be welcome.
>
>--
>        Leo Bicknell - bicknell at ufp.org - CCIE 3440
>         PGP keys at http://www.ufp.org/~bicknell/
>Read TMBG List - tmbg-list-request at tmbg.org, www.tmbg.org




More information about the NANOG mailing list