icmp followed by port 135 connection attempts? nachi or welchia... flow logs are highly useful in understanding gross behavioral changes in user usage patterns. joelja On Thu, 20 Nov 2003, Jared B. Reimer wrote:
Greetings.
Another independent ISP operator and I have noticed a pretty significant increase in traffic to and from our broadband (DSL) subscribers since August. It's been a fairly steady uptick, at least in my case, resulting in a doubling of overall average traffic to/from these folks since then.
Have others seen a similar trend? Any thoughts as to what the cause may be? Our best guess a virus/worm, possibly being used as a spam relay or other proxy at this point...
Many thanks,
-- Jared
-- -------------------------------------------------------------------------- Joel Jaeggli Unix Consulting joelja@darkwing.uoregon.edu GPG Key Fingerprint: 5C6E 0104 BAF0 40B0 5BD3 C38B F000 35AB B67F 56B2