Full Disclosure mailing list archives

Re: 100 Worms per Second, Courtesy of Telstra

From: "Karl A. Krueger" <kkrueger () outbox whoi edu>
Date: Sun, 26 Jan 2003 20:07:38 -0500

On Sun, Jan 26, 2003 at 04:48:30PM -0500, Mike Tancsa wrote:

At 01:50 PM 26/01/2003 -0500, Karl A. Krueger wrote:

Pardon my delurk, but this is very strange worm behavior.  We are seeing
100 SQL Worms per second from a single IP address on Telstra.  This is


Perhaps a series of servers behind natted behind a single IP ?


I thought of that, but the machine has "dhcp" in its DNS hostname, which
made me think "client system":

203.50.0.215  ==  rsdhcp21.telstra.net

Thankfully, it seems that either my post here or my messages to Telstra
(the ones that didn't bounce) got through to someone ... or else they
just finally woke up and took their worm box down -- at least, it isn't
phl00ding us any more.

-- 
Karl A. Krueger <kkrueger () whoi edu>
Network Security -- Linux/Unix Systems Support -- Etc.
Woods Hole Oceanographic Institution

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

100 Worms per Second, Courtesy of Telstra Karl A. Krueger (Jan 26)
- Re: 100 Worms per Second, Courtesy of Telstra Matthew Murphy (Jan 26)
- Re: 100 Worms per Second, Courtesy of Telstra Mike Tancsa (Jan 26)
  - Re: 100 Worms per Second, Courtesy of Telstra Karl A. Krueger (Jan 26)
- Re: 100 Worms per Second, Courtesy of Telstra Roland Postle (Jan 26)