Educause Security Discussion mailing list archives
Continued slammer traffic over Abilene
From: "Bruhn, Mark S." <mbruhn () INDIANA EDU>
Date: Wed, 7 May 2003 15:53:44 -0500
See some comments below, from our Advanced Network Management Lab. The comments refer to a list of sites, which I have removed. But, we will attempt to identify the technical contacts for those sites and send them more detailed information. In any case, all campuses might want to consider continuing/reinstating/installing traps on 1433 and 1434. (That with my REN-ISAC hat on -- this with my IU hat on: we never removed our filters on those ports. Very little problem here, and only about 3 situations where we had to make exceptions.) M. -- Mark S. Bruhn, CISSP Chief IT Security and Policy Officer Interim Director, Research and Educational Networking Information Sharing and Analysis Center (ren-isac () iu edu) Office of the Vice President for Information Technology and CIO Indiana University 812-855-0326 Incidents involving IU IT resources: it-incident () iu edu Complaints/kudos about OVPIT/UITS services: itombuds () iu edu *** Abilene continues to see a large number of SQL Slammer infection attempts, roughly one million attempts per day. The trend on infection attempts appears to be basically static as analysis done two weeks ago also showed roughly a million infection attempts per day. Below is the output of a query against our PostGres relational database system showing the top infection sites (more than 10,000 infected packets sourced) ordered by number of infected packets sourced over a three day period. Note that the source addresses are anonymized according to Internet2 criteria. [list deleted] Note that the total number of infected packets over the same period was 3,545,547. During that period we captured 920 billion individual traces. From a network load perspective SQL Slammer is a small part (0.0004%) of Abilene's total flow. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/memdir/cg/.
Current thread:
- Continued slammer traffic over Abilene Bruhn, Mark S. (May 07)