North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Code Red Hammering Away

  • From: William Allen Simpson
  • Date: Sat Aug 04 19:46:53 2001

Sameh Ghane wrote:
> Sorry, but this worm caused more damages to mailing lists than anything
> else, on the Internet. Looks more like a chain-letter...

Dunno why you would think this was other than operational.  As a small 
provider serving almost entirely dial-up, we still have enough of this 
to swamp almost entirely all of our outbound links.  And as soon as 
we kill them, they pop up on another IP.  The support costs are going 
to hurt, bad.

Inbound isn't too bad, I guess CEF and WFQ works to protect individual 
machines from overload at T1 rates.

We won't have much of an attack problem on our own machines, as we are 
a Macintosh/Linux/OpenBSD shop.  We have only 2 Windows machines to 
train tech support....

Meanwhile, the SirCam worm is eating disk space, and we have folks 
calling because it takes too long to download their mail, or the POP 
session fails entirely (another M$ problem with large messages).
The support costs are hurting on this, too.

It seems to me that somebody needs to write a version of Code Red that 
wipes all .exe and .dll in the windows directory, forcing an update 
of both windows and office.

Anybody game?
William Allen Simpson
    Key fingerprint =  17 40 5E 67 15 6F 31 26  DD 0D B9 9B 6A 15 2C 32