Question about codered worm

Antti.Roppola at Antti.Roppola at
Thu Aug 16 10:30:09 EST 2001

Drake wrote:

>    Yikes!  That's half your bandwidth!  I'm similar, but have 
> only had 10%
> of the load you're getting. Just turned off my web server so 
> I'll only be
> getting unacknowledged SYNs.   The proper respose of course 
> is for ISPs to
> disconnect *INFECTED* hosts, not us victims.  How long should 
> we wait for
> this?  

So how much traffic would the unacknowledged SYNs generate?
I have everything switched off and I am still getting around
500 hits every day.

>    Hmm, legal responses to codered probes..  Accept the connection and
> return as much data as possible, to run out their quotas 

I am on Telstra "unlimited" ADSL. They are going to make a packet
out of all this traffic. Since people aren't meant to be running
server anyway, they won't have a leg to stand on. I wonder if this
will prompt Telstra to tighten what is and isn't allowed on the
ADSL network...


