So far it's been visible as an apparently accidental byproduct of an attack with other goals. Are you willing to bet your bifocals that the same mechanism can't be weaponized and used against the routing infrastructure directly in the future?
Yet the question becomes the reasoning behind it. How much is a direct result of the worm and how much is a result of actions based on the NE's?
Good question. null routing of traffic destined to a network with a BGP interface on it will cause the session to drop. That is a BGP effect due to engineers' actions, indirectly triggered by the worm. On the other hand, we also know (from private communications and from other mailing lists.. ahem) that high rate and high src/dst diversity of scans causes some network devices to fail (devices that cache flows, or devices that suffer from cpu overload under such conditions). Some BGP-speaking routers (not all, by any means, but some subpopulation) found themselves pegged at 100% CPU on Saturday. Just one example: http://noc.ilan.net.il/stats/ILAN-CPU/new-gp-cpu.html Whether you believe "anthropogenic" explanations for the instability depends on how fast you believe NEs can look, think, and type, compared to the speed with which the BGP announcement and withdrawal rates are observed to take off. For my part, I'd bet that the long slow exponential decay (with superimposed spiky noise) is people at work. But the initial blast is not. ---------- James Cowie Renesys Corporation http://gradus.renesys.com