North American Network Operators Group

Worm on 1434 (was Re: Level3 routing issues?)

  • From: Mike Tancsa
  • Date: Sat Jan 25 03:54:51 2003



Same here, I thought at first it was some really strange effect of my ATM switch upgrade as the traffic started almost at the exact same time. I am seeing a 100% increase in traffic right now and a chunk of my colo customer's machines are infected.

---Mike

At 01:19 AM 1/25/2003 -0500, Aaron Burnett wrote:


On Sat, 25 Jan 2003, Alex Rubenstein wrote:

>
>
> I dunno about that. But, I am seeing, in the last couple hours, all kinds
> of new traffic.
>
> like, customers who never get attacked or anything, all of a sudden:
>
> http://mrtg.nac.net/switch9.oct.nac.net/3865/switch9.oct.nac.net-3865.html
>
>
> We are seeing this on ports all across our network -- nearly 1/2 our ports
> are in delta alarm right now.
>
> Anyone else?
>

Yep. Since about 12:30 am. Getting pounded on UDP port 1434 from all over
the world to any address on my network.
--------------------------------------------------------------------
Mike Tancsa,                          	          tel +1 519 651 3400
Sentex Communications,     			  [email protected]
Providing Internet since 1994                    www.sentex.net
Cambridge, Ontario Canada			  www.sentex.net/mike