D&C Lug - Home Page
Devon & Cornwall Linux Users' Group


Re: [LUG] Lovesan



On Fri, 2003-08-15 at 02:02, Simon Waters wrote:
> Luke Hinds wrote:
> >
> > You know this Lovesan virus that's causing mayhem at the moment.
> 
> Not to Linux users is it? I think the US power outage has taken some web
> sites down, but not many, this is my main issue, other things seem
> quite fast! Probably lack of North American client systems.
> 
> > And this is just from 1 machine. Imagine how much bandwidth is being
> > sucked up there????
> 
> I'm seeing 48 bytes about every 10 minutes on the Demon IP address,
> you're seeing three times as much, which I presume is to do with the
> state of your port 135, I just have ipchains set to DENY.
> 
> Globally the Internet Storm Centre has been recording of the order of
> 100,000,000 probes, at 48 bytes each, that is about 4 GB, or 32
> Gigabits, or about one second peak throughput for the London Internet
> exchange each day.
> 
> Obviously the total number of probes is several orders of magnitude
> larger than what the ISC records, but the traffic is often localised due
> to the method it uses for generating IP addresses. So whilst the volume
> is probably a significant fraction of total Internet usage it probably
> isn't causing too much trouble. Some of the big ISPs are port filtering
> 135, but this is never popular.
> 
> The total number of sources ISC saw was 165,000 on the 12th and 110,000
> on the 13th, so at current trends and given the payload I'd bet
> Microsoft update will be usable on the 16th but I wouldn't bet much!
> 
> However this is more through luck than judgement, if the code had said
> 13 instead of 16, then the attack would have been at peak infection,
> estimated by some groups as in excess of 250,000 clients, rather than
> what seems likely tens of thousands.
> 
> The world will survive this one as well, now if it had wiped user files,
> or the attack was against something more vulnerable (.com name servers),
> and was less concerned with spoofing the source address and more with
> doing damage.....
> 
> One time the payload will be malicious and a lot of people will be
> restoring data from tapes or wishing they could.

I agree, we're not heading for infrastructure meltdown by Saturday as on
the malicious scale, this one ranks fairly low. It's more of a nuisance
than anything else.

Should be interesting to see what tomorrow holds when the DoS kicks off.
The fact that it causes the victim's computer to reboot every 60 secs
means a majority of folks will have applied a band aid by then.

There's quite a peak on that ISC 135 chart:

http://isc.incidents.org/port_details.html?port=135

