North American Network Operators Group

Re: Impending (mydoom) DOS attack

  • From: Mike Tancsa
  • Date: Fri Jan 30 20:13:11 2004



Are there any reliable estimates as to the amount of infected hosts out there? Looking at my stats for email sent this week, I am seeing a 70:1 ratio for mydoom.a as compared to Swen.a (the next most prevalent virus). Perhaps if we had some rough #s to work with we could start to approximate the range of traffic volumes we might see.

---Mike

At 07:17 PM 30/01/2004, Leo Bicknell wrote:

Having looked for some information to educate myself and my employer,
I will say a weakness right now is that there is limited info about
this worm.  I have yet to see any good information on how effective
the attack might be, or what some basic prevention steps (e.g.,
filtering) might do to the worm.

Backbones don't often have people that disassemble worms.  It would
be nice to find some way for the anti-virus companies to share more
details quicker with various backbones in order to effectively
combat the DDOS portion of worms.

If anyone has any good analysis on the current worm (other than "it
attacks www.sco.com"), that would be welcome.

--
       Leo Bicknell - [email protected] - CCIE 3440
        PGP keys at http://www.ufp.org/~bicknell/
Read TMBG List - [email protected], www.tmbg.org