[Gllug] Analysing worm traffic

[Christopher Hunter]

On Monday 29 Sep 2003 2:25 pm, Simon Wilcox wrote:
> I've been tracking the snort logs on my firewall for the last month or so
> and have seen the number of welchia/blaster attack attempts rise from
> 660/day to 9,125 during Saturday. Nearly all these are coming from within
> Telewest's own network.
>
> I don't expect that complaining to their helldesk is likely to do anything
> other than raise my blood pressure as they must already know how
> widespread this infection is yet they seem to be doing nothing about it.
>
> So my question is - does anyone know how much traffic is generated by each
> attempt ? I'm guessing that it's not much but since the activity light on
> my cable modem is pretty much permanently on these days, it would be nice
> to know at what point I could claim a denial of service and start talking
> about compensation !
>
> Simon.

I've spotted exactly the same thing.  Service is getting very slow at times!  
My experience is that it's usually useless to try to talk to the BY 
"helpdesk" - they are utterly clueless.  It really shouldn't be a problem for 
them to filter the known worm attachments.....

Chris


-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug