----- Original Message -----
| One other consideration is that optical IXs will have a greater
| impact on the internet, possibly good and bad. With larger circuit
| sizes of OC48 and OC192 for peering, an attack would have a greater
| ability to flood more traffic. A failure of a peering session here
| would cause a reroute of greater traffic. A possible benefit might be
| that larger circuit sizes might mean that an attack might not be able
| to overwhelm the larger capacities especially if backbone sizes are
| the constricting factor, not peering circuits or optical VPN circuits
| at the optical IX.

Although this MS-SQL worm used a lot of bandwidth because of the embedded exploit code, usually worms scan first and try exploiting after. Such a scan requires few bytes, so even a T-3 would carry a lot of host scans per second, and could cause many routers to die on the receiving end because of packets-per-second or new-arps-per-second or syslogs-per-second limitations.

I think the worst danger of large circuits would be the uplink capacity; a bunch of infected hosts would easily fill up a T-3 trying to scan for new hosts to attack, limiting the worm propagation speed, but an OC-192 might end up carrying all of the scan traffic and infect more hosts faster.

Rubens