RE: AT&T US Network Slowdown?
Dear Nanogers, Is anyone aware of a "slowdown" issue throughout the US AT&T network since 8/18 at around 4pm which is causing a lot of internet circuits (including DSL) to be inaccessible and/or appear down from the outside world? AT&T says this has been escalated to "Level 4" with no ETA and affecting the whole country. I am seeing this problem in the San Francisco area. Just wondering if anyone else is experiencing anything that would confirm AT&T's claim, and fishing for more info about the possible cause and ETA. Thanks!
We are currently seeing the slowdown on our network in San Jose. Started about exactly the time frame that you mentioned. The rest of the country (oddly) seems unaffected by this at the moment, but San Jose is getting hammered by something. Still trying to sort out exactly where it is coming from.

-Sean

Sean P. Crandall
VP Engineering Operations
MegaPath Networks Inc.
Pleasanton, CA 94588
(925) 201-2530
Spam may be off topic but in this case relevant. Has anyone else noticed bounced emails that appear to have originated from their nanog email boxes and contain viruses?

Obviously some bot has gone through the nanog list and is now forging headers such that they appear to come from those addresses, and they are attaching viruses.

The IP address (which may or may not be accurate) appears to be [195.157.87.253].

Has anyone else noticed this recently?

Dave

--
David Diaz
dave@smoton.net [Email]
pagedave@smoton.net [Pager]
www.smoton.net
Smotons (Smart Photons) trump dumb photons
Date: Tue, 19 Aug 2003 12:42:49 -0400
From: David Diaz <techlist@smoton.net>
Sender: owner-nanog@merit.edu
> Spam may be off topic but in this case relevant. Has anyone else noticed bounced emails that appear to have originated from their nanog email boxes and contain viruses?
> Obviously some bot has gone through the nanog list and is now forging headers such that they appear to come from those addresses, and they are attaching viruses.
> The IP address (which may or may not be accurate) appears to be [195.157.87.253].
> Has anyone else noticed this recently?
On many lists. The latest and most annoying version of Sobig worm has hit the nets and I have gotten at least 50 copies already today.

--
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman@es.net
Phone: +1 510 486-8634
On Tue, 19 Aug 2003 12:42:49 EDT, David Diaz <techlist@smoton.net> said:
> Obviously some bot has gone through the nanog list and is now forging headers such that they appear to come from those addresses, and they are attaching viruses.
More likely, some poor lurker at the IP address listed has gotten hit with one of the *MANY* worms that forge the From: field, and it's happily forging in the name of all the most common NANOG posters. My guess is it's w32-SoBig.F. But only because it's today, and that one seems to be busy today. Ask me next week, it'll be another one. ;)
> The IP address (which may or may not be accurate) appears to be [195.157.87.253].
> Has anyone else noticed this recently?
I have received 100+ SoBig trojan emails in the last few hours from IP 12.107.153.212. It figures, seems to be located in AT&T land so there might also be a connection to previous reports.

Pete
On Tue, 19 Aug 2003, David Diaz wrote:
> Spam may be off topic but in this case relevant. Has anyone else noticed bounced emails that appear to have originated from their nanog email boxes and contain viruses?
> Obviously some bot has gone through the nanog list and is now forging headers such that they appear to come from those addresses, and they are attaching viruses.
not nanog nor sobig but i have recently been receiving emails with viruses to some very obscure and old email addresses of mine, almost certainly harvested from some equally obscure old site i have

quite worrying, my impression was that someone was deliberately spamming viruses out..
> The IP address (which may or may not be accurate) appears to be [195.157.87.253].
> Has anyone else noticed this recently?
> Dave
participants (6)
- David Diaz
- Kevin Oberman
- Petri Helenius
- Sean Crandall
- Stephen J. Wilcox
- Valdis.Kletnieks@vt.edu