Jared B. Reimer wrote:
Greetings.
Another independent ISP operator and I have noticed a pretty significant increase in traffic to and from our broadband (DSL) subscribers since August. It's been a fairly steady uptick, at least in my case, resulting in a doubling of overall average traffic to/from these folks since then.
Have others seen a similar trend? Any thoughts as to what the cause may be? Our best guess a virus/worm, possibly being used as a spam relay or other proxy at this point...
Welchia would generate large amounts of traffic from the subscribers but not really that much towards them because it sends it´s traffic to random IP prefixes, thus possibility of hitting local prefixes is not that great. (cannot remember if it had some bias) Most consumer heavy networks which used to have spare capacity in the DSL access enjoy instant traffic growth if they or their upstream upgrades their peers, making more bandwidth available to p2p applications. And last, not least, zombierunners from certain netblocks probably send instructions to your users to spew messages around the world advertising their wares. Just as a side note, we recently announced product to automatically sandbox and un-sandbox infected machines. Works with dynamic addresses also. Pete