nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Worm on 1434 (was Re: Level3 routing issues?)

From: Mike Tancsa <mike () sentex net>
Date: Sat, 25 Jan 2003 02:21:32 -0500
Same here, I thought at first it was some really strange effect of my ATM switch upgrade as the traffic started almost at the exact same time. I am seeing a 100% increase in traffic right now and a chunk of my colo customer's machines are infected. 

        ---Mike

At 01:19 AM 1/25/2003 -0500, Aaron Burnett wrote:



On Sat, 25 Jan 2003, Alex Rubenstein wrote:

>
>
> I dunno about that. But, I am seeing, in the last couple hours, all kinds
> of new traffic.
>
> like, customers who never get attacked or anything, all of a sudden:
>
> http://mrtg.nac.net/switch9.oct.nac.net/3865/switch9.oct.nac.net-3865.html 
>
>
> We are seeing this on ports all across out network -- nearly 1/2 our ports
> are in delta alarm right now.
>
> Anyone else?
>

Yep. Since about 12:30 am. Getting pounded on UDP port 1434 from all over
the world to any address on my network.


--------------------------------------------------------------------
Mike Tancsa,                                      tel +1 519 651 3400
Sentex Communications,                            mike () sentex net
Providing Internet since 1994                    www.sentex.net
Cambridge, Ontario Canada                         www.sentex.net/mike
Previous By Date Next
Previous By Thread Next

Current thread: