hmm, honestly i can't vouch for the data rate personally. a co-worker said the counters on the VPN connections were grossly disproportionate for a short time sample. bottom line, it is indeed annoying. i know my server and desktop groups have been having a hell of a time disinfecting hosts. i know part of this was that symantec, at the time, said it may be a polymorphic strain. -r On Sat, Apr 10, 2004 at 11:37:15AM -0700, Christopher J. Wolff said at one point in time:
Thank you for the input. The 'unique' feature of this infestation is that affected hosts don't transmit a lot of data...however they do open up thousands of flows in a very short time. Perhaps that's not unique but it certainly is annoying.
Regards, Christopher J. Wolff, VP CIO Broadband Laboratories, Inc. http://www.bblabs.com
-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of ravi pina Sent: Saturday, April 10, 2004 11:30 AM To: Darrell Greenwood Cc: 'nanog list' Subject: Re: worm information
On Sat, Apr 10, 2004 at 11:19:19AM -0700, Darrell Greenwood said at one point in time:
On 04/4/10 at 1:53 PM -0400, Jeff Workman wrote the following :
http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.um.htm
File Not Found... 'l' missing from end of 'htm'.
http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.um.html
this is correct. my organization has been infected with this and it is a particular nasty little bugger. we may have been 'patient 0' in terms of sending copies of the virus to symantec so they could write signatures for it. infected hosts flood the network with a tremendous amount of data and port opening.
i at least manged to quarantine off all my vpn devices which seemed to be the entry point.
-r
--