North American Network Operators Group


Re: Wired mag article on spammers playing traceroute games with trojaned

  • From: Jeff Kell
  • Date: Thu Oct 09 22:02:03 2003

Laurence F. Sheldon, Jr. wrote:

Margie Arbon wrote:

With all due respect, we have a *problem*. End user machines on
broadband connections are being misconfigured and/or compromised in
frightening numbers.  These machines are being used for everything
from IRC flooders to spam engines, to DNS servers to massive DDoS
infrastructure. If the ability of a teenager to launch a gb/s DDoS,
or of someone DoSing mailservers off the internet with a trojan that
contains a spam engine is not operational, perhaps it's just me
that's confused.

I believe that to be one of the most succinct summaries of the issues
as I have read.

I concur whole-heartedly. Add on the background noise of still unpatched Code Red, Nimda, SQL Slammer, Blaster, and the scanning for open servers (ftp, smtp, proxy, squid, socks, wingate, etc) and we are talking about a considerable amount of [malicious] bandwidth waste.
Adding further to that we have ridiculous quantities of ICMP spewing from Nachi/Welchia infections.

The average household broadband connections are indeed being compromised, but our "threshold of pain" seems to be exponentially growing as the background noise gets louder and louder, and unusual spikes get drowned out by P2P. It takes a major catastrophe like Slammer or Blaster to get anyone's attention anymore (above the abuse reports from IWFs (Idiots With [personal] Firewalls)).

Jeff