Yup - got that. I sent my post to nanog quite a while ago. Unfortunetly, it took a little while to come to life. :) Gee, I wonder why? We're doing some really cool blocking now. Now its time to get the custoemrs to secure their boxen. :) -Eric On Sat, 25 Jan 2003, Larry Rosenman wrote:
Date: Sat, 25 Jan 2003 03:44:39 -0600 From: Larry Rosenman <ler@lerctr.org> To: Eric Whitehill <eric@botbay.net>, Andy Dills <andy@xecu.net> Cc: Alex Rubenstein <alex@nac.net>, hc <haesu@towardex.com>, "nanog@merit.edu" <nanog@merit.edu> Subject: Re: Level3 routing issues?
MSSQL worm/DDOS/Exploit on UDP/1434
A bunch of us are blocking UDP/1434 destinations.
http://www.nextgenss.com/advisories/mssql-udp.txt
Larry Rosenman Internet America/PDQ.NET/neosoft.com AS4278/AS3764
--On Saturday, January 25, 2003 02:15:59 -0500 Eric Whitehill <eric@botbay.net> wrote:
Same here...
My connecion with AADS has doubled in traffic, and everything else.
I've doubled my network traffic since 11:30ish PM CST...
If anyone has an idea of whats going on...
AS5006 is where I'm at.
-Eric
On Sat, 25 Jan 2003, Andy Dills wrote:
Date: Sat, 25 Jan 2003 01:37:29 -0500 (EST) From: Andy Dills <andy@xecu.net> To: Alex Rubenstein <alex@nac.net> Cc: hc <haesu@towardex.com>, "nanog@merit.edu" <nanog@merit.edu> Subject: Re: Level3 routing issues?
On Sat, 25 Jan 2003, Alex Rubenstein wrote:
I dunno about that. But, I am seeing, in the last couple hours, all kinds of new traffic.
like, customers who never get attacked or anything, all of a sudden:
http://mrtg.nac.net/switch9.oct.nac.net/3865/switch9.oct.nac.net-3865 .html
We are seeing this on ports all across out network -- nearly 1/2 our ports are in delta alarm right now.
Anyone else?
I will dig more to look at the traffic.
Interesting, at almost the exact same time (call it 12:30), qwest dropped all but 1000 routes through IAD...still trying to get somebody on the phone at their IP noc, not having much luck. Genuity seems fine at the moment...
Any speculation yet? Kind of an odd coincidence of problems...
Oh, just got through...fiber cut in DC?
Andy
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Andy Dills 301-682-9972 Xecunet, LLC www.xecu.net xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Dialup * Webhosting * E-Commerce * High-Speed Access