[ Date Index ][
Thread Index ]
[ <= Previous by date / thread ] [ Next by date / thread => ]
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Luke Hinds wrote: > > You know this lovesan virus thats causing mayhem at the moment. Not to Linux users is it? I think the US power outage has taken some web sites downs, but not many, this is my main issue, other things seem quite fast! Probably lack of North American clients systems. > And this is just from 1 machine. Imagine how much bandwidth is being > sucked up there???? I'm seeing 48 bytes about every 10 minutes on the Demon IP address, you're seeing three times as much, which I presume is to do with the state of your port 135, I just have ipchains set to DENY. Globally the Internet Storm Centre has been recording of the order of 100,000,000 probes, at 48 bytes each, that is about 4 GB, or 32 Gigabits, or about one second peak throughput for the London Internet exchange each day. Obviously the total number of probes is several orders of magnitudes larger than what the ISC records, but the traffic is often localised due to the method it uses for generating IP addresses. So whilst the volume is probably a significant fraction of total Internet usage it probably isn't causing too much trouble. Some of the big ISPs are port filtering 135, but this is never popular. The total number of sources ISC saw was 165,000 on the 12th and 110,000 on the 13th, so at current trends and given the payload I'd bet Microsoft update will be usuable on the 16th but I wouldn't bet much! However this is more through luck than judgement, if the code had said 13 instead of 16, then the attack would have been at peak infection, estimated by some groups as in excess of 250,000 clients, rather than what seems likely tens of thousands. The world will survive this one as well, now if it had wiped user files, or the attack was against something more vulnerable (.com name servers), and was less concerned with spoofing the source address and more with doing damage..... One time the payload will be malicious and a lot of people will be restoring data from tapes or wishing they could. -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/PDEFGFXfHI9FVgYRAn1sAKCC4jX9nQiWnrOBK5sh3y4wJaIJ6gCfcuWA R/Ee4NJRZYcH6FDjdQqe8Uk= =vA1y -----END PGP SIGNATURE----- -- The Mailing List for the Devon & Cornwall LUG Mail majordomo@xxxxxxxxxxxx with "unsubscribe list" in the message body to unsubscribe.