North American Network Operators Group
Re: Hard data on network impact of the "Code Red" worm?
At 16:29 30/07/01 -0700, Sean Donelan wrote:
On Mon, 30 July 2001, Christian Kuhtz wrote:

In this case, IMO, the hype was warranted. If not for the 2 code errors in Code Red, this worm, using 300K zombies at 50Mb/sec each would have hit the Internet with about 15Tb/sec of aggregate traffic. The next time, we all won't be so lucky.
The Mafiaboy 100 zombies or recent IRC zombie-nets of 1800 zombies pale in comparison to 300K infected systems. IRC zombie-nets target cable modem and ADSL users. They typically can pump out 1Mb/sec of traffic. On the other hand, your typical web server is usually situated on much more bandwidth - typically FastEthernet. So targeting IIS servers is a sure way of maximizing your zombie power (the only more powerful worm would be an Apache zombie which has about 18M potential clients or a bind worm-zombie).

Why don't we just have an annual, let's update your Microsoft software patches day. Every year the press can get on the bandwagon and remind us about changing the batteries in our smoke detectors and downloading the latest patches. There are a lot of flawed systems out there. Downloading a couple of patches for "Code Red" isn't enough to protect your system from all the other things. I'm worried the joint press release is doing a disservice if people have a false sense of security because they protected themselves from "code red." On the other hand, will Wednesday really be that much different from any other Wednesday with the normal thousand DDOS attacks happening, and normal spam, and normal e-mail/macro viruses, and normal zombies?
I think it's a bit premature to predict the end of the Internet on August 1.
It won't happen this time, but the next time, we may not be so lucky.

-Hank