North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: worm information
hmm, honestly i can't vouch for the data rate personally. a co-worker said the counters on the VPN connections were grossly disproportionate for a short time sample. bottom line, it is indeed annoying. i know my server and desktop groups have been having a hell of a time disinfecting hosts. i know part of this was that symantec, at the time, said it may be a polymorphic strain. -r On Sat, Apr 10, 2004 at 11:37:15AM -0700, Christopher J. Wolff said at one point in time: > Thank you for the input. The 'unique' feature of this infestation is that > affected hosts don't transmit a lot of data...however they do open up > thousands of flows in a very short time. Perhaps that's not unique but it > certainly is annoying. > > Regards, > Christopher J. Wolff, VP CIO > Broadband Laboratories, Inc. > http://www.bblabs.com > > > -----Original Message----- > > From: [email protected] [mailto:[email protected]] On Behalf Of > > ravi pina > > Sent: Saturday, April 10, 2004 11:30 AM > > To: Darrell Greenwood > > Cc: 'nanog list' > > Subject: Re: worm information > > > > > > On Sat, Apr 10, 2004 at 11:19:19AM -0700, Darrell Greenwood said at one > > point in time: > > > > > > On 04/4/10 at 1:53 PM -0400, Jeff Workman wrote the following : > > > > > > > > >http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.um.htm > > > > > > File Not Found... 'l' missing from end of 'htm'. > > > > > > > > http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.um.html > > > > this is correct. my organization has been infected with this > > and it is a particular nasty little bugger. we may have been > > 'patient 0' in terms of sending copies of the virus to symantec > > so they could write signatures for it. infected hosts flood > > the network with a tremendous amount of data and port opening. > > > > i at least manged to quarantine off all my vpn devices which > > seemed to be the entry point. > > > > -r > > > --
|