North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Worm Probes

  • From: Roeland Meyer
  • Date: Tue Sep 18 14:06:57 2001

The damned thing continues to burn bandwidth here. My IIS systems were
patched long ago and my Apache servers are inherently immune. But, that does
not prevent vulnerability scans and it's those scans that are burning the
pipe. Firewalling the scans sort of blocks those services too. So, that
isn't the answer.

Fortunately, I have long been a fan of having really huge boxen sip their
internet through straws (any single box can saturate the uplink (100baseTX),
at <50% CPU utilization and the WAN:LAN link never exceeds 1:10. So, my
servers are  just loafing. Still, this comes real close to being a DDOS
attack because the WAN port is showing almost 40% usage from scans right
now. I'm real glad that I have another set of zone servers, piggy-backed in

Has anyone made any progress towards locating origination of these worms?
They seem to be steadily mutating. This means that a/some programmer(s)
is/are behind this somewhere. I'm sure that I'm not the only one that wants
to know.

R O E L A N D  M J  M E Y E R
Managing Director
Morgan Hill Software Company
tel: +1 925 373 3954
cel: +1 925 352 3615
fax: +1 925 373 9781