Can you give me any information about which multicast group addresses were being attacked?

I have seen very little sign of this worm in interdomain multicast; it does not seem to be causing MSDP havoc the way that the RAMEN worm did.

Regards
Marshall Eubanks

On Saturday, January 25, 2003, at 06:00 AM, lost@l-w.net wrote:
This one seemed to be particularly nasty as it was generating traffic to multicast addresses too. It caused a nice flood on the switched ethernet segment I had a vulnerable box on. (And took out a router in the process. Great fun.)
William Astle
finger lost@l-w.net for further information
Geek Code V3.12: GCS/M/S d- s+:+ !a C++ UL++++$ P++ L+++ !E W++ !N w--- !O !M PS PE V-- Y+ PGP t+@ 5++ X !R tv+@ b+++@ !DI D? G e++ h+ y?
T.M. Eubanks
Multicast Technologies, Inc.
10301 Democracy Lane, Suite 410
Fairfax, Virginia 22030
Phone: 703-293-9624
Fax: 703-293-9609
e-mail: tme@multicasttech.com
http://www.multicasttech.com
Test your network for multicast: http://www.multicasttech.com/mt/
Status of Multicast on the Web: http://www.multicasttech.com/status/index.html