Question about codered worm

Martijn van Oosterhout kleptog at svana.org
Tue Aug 7 16:06:17 EST 2001


Over the past 24 hours, our firewall here has blocked over 250,000
connection attempts to bogus IPs generated by this worm. (We're blocking
almost an entire class C here). That's about 40 per host per hour. Anyway,
what I was wondering was:

- Does this seem abnormally high to anyone?

- In a sense we're paying for this traffic, so I was wondering if anyone
had had any luck trying to convince their upstream provider to block the
traffic.

- Are we allowed to do smurf-type attacks on offending machines to try to
disable their IP stacks?

- From what I'm seeing, the general response from everyone is to ignore the
problem. Is this true or are people actually doing something?

I'm sorely tempted to simply disable all logging of the problem and ignore
it.
-- 
Martijn van Oosterhout <kleptog at svana.org>
http://svana.org/kleptog/
> It would be nice if someone came up with a certification system that
> actually separated those who can barely regurgitate what they crammed over
> the last few weeks from those who command secret ninja networking powers.





More information about the linux mailing list