Re: Nachi/Welchia Aftermath

[haesu () towardex com]

        lesson learned:
        stop using /makeshift/ layer3 switches (without naming vendor) to run
        L3 core

-J

On Tue, Jan 20, 2004 at 02:22:52PM -0800, Brent Van Dussen wrote:
> Well folks, since the middle of August I've been tracking the spread and 
> subsequent efforts by our community to stop the nachia/welchia infection 
> that took down so many networks.
>
> Sadly, by my estimations, only about 20-30% of infected hosts were 
> cleaned.  After Jan 1, 2004 it appears that the thousands, (millions?) of 
> remaining infected hosts were rebooted and the worm removed 
> itself.  Network traffic has finally returned to normal.
>
> What kind of effects did everyone see from this devastating worm and what 
> lessons did we learn for preventing network downtime in the future?

-- 
James Jun (formerly Haesu)
TowardEX Technologies, Inc.
1740 Massachusetts Ave.
Boxborough, MA 01719
Consulting, IPv4 & IPv6 colocation, web hosting, network design & implementation
http://www.towardex.com  | james () towardex com
Cell: (978)394-2867      | Office: (978)263-3399 Ext. 170
Fax: (978)263-0033       | AIM: GigabitEthernet0
NOC: http://www.twdx.net | POC: HAESU-ARIN, HDJ1-6BONE