Full Disclosure mailing list archives
100 Worms per Second, Courtesy of Telstra
From: "Karl A. Krueger" <kkrueger () outbox whoi edu>
Date: Sun, 26 Jan 2003 13:50:40 -0500
Pardon my delurk, but this is very strange worm behavior. We are seeing 100 SQL Worms per second from a single IP address on Telstra. This is about 10k times the level of activity we are seeing from any other address.

Anyone here either know anyone at Telstra who can shut this off, or perhaps at least some explanation of why this worm instance would set aside its usual randomish behavior and flood us like this?

This is 1/10th of a second of tcpdump, from outside our firewall:

13:34:01.154816 203.50.0.215.2184 > xxx.yyy.46.59.1434: udp 376
13:34:01.160223 203.50.0.215.2184 > xxx.yyy.99.76.1434: udp 376
13:34:01.170387 203.50.0.215.2184 > xxx.yyy.205.52.1434: udp 376
13:34:01.179743 203.50.0.215.2184 > xxx.yyy.55.37.1434: udp 376
13:34:01.184178 203.50.0.215.2184 > xxx.yyy.108.128.1434: udp 376
13:34:01.198594 203.50.0.215.2184 > xxx.yyy.11.30.1434: udp 376
13:34:01.203094 203.50.0.215.2184 > xxx.yyy.64.129.1434: udp 376
13:34:01.207258 203.50.0.215.2184 > xxx.yyy.117.38.1434: udp 376
13:34:01.221870 203.50.0.215.2184 > xxx.yyy.20.162.1434: udp 376
13:34:01.245105 203.50.0.215.2184 > xxx.yyy.29.152.1434: udp 376
13:34:01.250175 203.50.0.215.2184 > xxx.yyy.82.143.1434: udp 376

--
Karl A. Krueger <kkrueger () whoi edu>
Network Security -- Linux/Unix Systems Support -- Etc.
Woods Hole Oceanographic Institution

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
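Added example, not part of the original post: a small parser for the tcpdump lines quoted above that measures, per source address, how many 376-byte UDP packets to port 1434 arrive per second and how many distinct destinations they hit. The function names and the two-source report format are assumptions made here, and the `192.0.2.10` lines are constructed for contrast.

```python
import re
from collections import defaultdict

# Classic tcpdump UDP line: "HH:MM:SS.usec src.sport > dst.dport: udp LEN"
LINE_RE = re.compile(r"^(\d+):(\d+):(\d+\.\d+)\s+(\S+)\.(\d+)\s+>\s+(\S+)\.(\d+):\s+udp\s+(\d+)$")

# The first 11 lines are the capture quoted in the post; the 192.0.2.10 lines
# are constructed here (a low-rate source and one unrelated packet).
SAMPLE = """\
13:34:01.154816 203.50.0.215.2184 > xxx.yyy.46.59.1434: udp 376
13:34:01.160223 203.50.0.215.2184 > xxx.yyy.99.76.1434: udp 376
13:34:01.170387 203.50.0.215.2184 > xxx.yyy.205.52.1434: udp 376
13:34:01.179743 203.50.0.215.2184 > xxx.yyy.55.37.1434: udp 376
13:34:01.184178 203.50.0.215.2184 > xxx.yyy.108.128.1434: udp 376
13:34:01.198594 203.50.0.215.2184 > xxx.yyy.11.30.1434: udp 376
13:34:01.203094 203.50.0.215.2184 > xxx.yyy.64.129.1434: udp 376
13:34:01.207258 203.50.0.215.2184 > xxx.yyy.117.38.1434: udp 376
13:34:01.221870 203.50.0.215.2184 > xxx.yyy.20.162.1434: udp 376
13:34:01.245105 203.50.0.215.2184 > xxx.yyy.29.152.1434: udp 376
13:34:01.250175 203.50.0.215.2184 > xxx.yyy.82.143.1434: udp 376
13:34:01.200000 192.0.2.10.4000 > xxx.yyy.1.2.1434: udp 376
13:34:01.210000 192.0.2.10.5353 > xxx.yyy.1.2.53: udp 40
13:34:02.200000 192.0.2.10.4000 > xxx.yyy.3.4.1434: udp 376
"""

def parse(line):
    """Return (seconds_since_midnight, src, dst, dport, udp_len) or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    h, mi, s, src, _sport, dst, dport, length = m.groups()
    return int(h) * 3600 + int(mi) * 60 + float(s), src, dst, int(dport), int(length)

def per_source_rates(text, dport=1434, length=376):
    """Packets, distinct targets and packets/second per source for one signature."""
    times, targets = defaultdict(list), defaultdict(set)
    for line in text.splitlines():
        rec = parse(line)
        if rec and rec[3] == dport and rec[4] == length:
            times[rec[1]].append(rec[0])
            targets[rec[1]].add(rec[2])
    report = {}
    for src, ts in times.items():
        span = max(ts) - min(ts)
        # n packets cover n-1 intervals; a single packet has no measurable rate
        pps = (len(ts) - 1) / span if span > 0 else 0.0
        report[src] = {"packets": len(ts), "targets": len(targets[src]), "pps": pps}
    return report
```

Calling `per_source_rates(SAMPLE)` gives roughly 105 packets per second across 11 distinct targets for 203.50.0.215, in line with the rate reported in the post.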
Current thread:
- 100 Worms per Second, Courtesy of Telstra Karl A. Krueger (Jan 26)
- Re: 100 Worms per Second, Courtesy of Telstra Matthew Murphy (Jan 26)
- Re: 100 Worms per Second, Courtesy of Telstra Mike Tancsa (Jan 26)
- Re: 100 Worms per Second, Courtesy of Telstra Karl A. Krueger (Jan 26)
- Re: 100 Worms per Second, Courtesy of Telstra Roland Postle (Jan 26)