On Mon, 24 Nov 2003, Stuart Staniford wrote:
> So it would seem that worms are, at a minimum, not a simple or unproblematic capacity management problem.
Things are rarely as simple as they appear. Even buying a military grade black box may not solve the worm problem.

There are some natural choke points in the Internet between ISPs and customers. The customer may have a 1000 Mbps GigE LAN and the ISP may have an OC192 backbone, but the link between them is normally much smaller. Slammer, Blaster, etc. had very little impact on the major ISP backbones, but did severely congest some of the smaller choke points. Go ahead and ask UUNET, Sprint, AT&T, etc. what impact the worms had on their networks.

ISPs don't have (much) control over third-party computers. But they can control their network capacity. Of course, it's not a complete solution. If you are a mid-level ISP, you may have a choke point to your customer but are vulnerable from your upstream provider. A better designed worm could impact even major backbones.