Security Incidents mailing list archives
Re: Peak Activity of Red Worm?
From: Ryan Russell <ryan () securityfocus com>
Date: Mon, 23 Jul 2001 14:11:24 -0600 (MDT)
On Mon, 23 Jul 2001, Tim Brown wrote:
Anyone have an idea on when the peak of activity for Red Worm occurred?
The worm changed modes on 7/19 17:00 PDT, 7/19 20:00 EDT. It changed from spreading mode (what I would expect to cause a load balancer trouble) to attack Whitehouse mode (which shouldn't cause extra ARP entries, AFAIK.) I'm a bit puzzled why this should affect the ARP tables anyway... as those would normally only be for your LAN nodes. Unless you've got proxy ARP turned on for the entire Internent or something... which model of load balancer? Ryan
We lost a load balancer last Friday (7/20) at 1300 (EDT) due to exceeding the max size of the arp table. Just trying to figure out if it could be associated in any way.
---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Peak Activity of Red Worm? Tim Brown (Jul 23)
- Re: Peak Activity of Red Worm? Ryan Russell (Jul 23)