Having looked for some information to educate myself and my employer, I will say a weakness right now is that there is limited info about this worm. I have yet to see any good information on how effective the attack might be, or what some basic prevention steps (eg filtering) might do to the worm. Backbones don't often have people that disassemble worms. It would be nice to find some way for the anti-virus companies to share more details quicker with various backbones in order to effectively combat the DDOS portion of worms. If anyone has any good analysis on the current worm (other than "it attacks www.sco.com"), that would be welcome. -- Leo Bicknell - bicknell@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - tmbg-list-request@tmbg.org, www.tmbg.org