nanog mailing list archives
Re: mSQL Attack/Peering/OBGP/Optical exchange
From: "Rubens Kuhl Jr." <rkjnanog () ieg com br>
Date: Sun, 26 Jan 2003 22:33:24 -0200
----- Original Message ----- | One other considerations is that optical IXs will have a greater | impact on the internet, possibly good and bad. With larger circuit | sizes of OC48 and OC192 for peering. An attack would have a greater | ability to flood more traffic. A failure of a peering session here | would cause a reroute of greater traffic. A possible benfit might be | that larger circuit sizes might mean that an attack might not be able | to overwhelm the larger capacities especially if backbone sizes are | the constricting factor, not peering circuits or optical VPN circuits | at the optical IX. Although this MS-SQL worm used a lot of bandwidth because of the embedded exploit code, usually worms scan first and try exploiting after. Such scan requires few bytes, so even a T-3 would carry a lot of host scans per second, and could case many routers to die on the receiving end because of packets-per-second or news-arps-per-second or syslogs-per-second limitations. I think the worst danger of large circuits would be the uplink capacity; a bunch of infected hosts would easily fill up a T-3 trying to scan for new hosts to attack, limiting the worm propagations speed, but an OC-192 might end up carrying all of the scan traffic and infect more hosts faster. Rubens
Current thread:
- Re: Tracing where it started, (continued)
- Re: Tracing where it started Pete Ashdown (Jan 25)
- Re: Tracing where it started Alex Rubenstein (Jan 25)
- Message not available
- Re: Tracing where it started Daniel Senie (Jan 25)
- Re: Tracing where it started Pete Ashdown (Jan 25)
- Re: Tracing where it started Travis Pugh (Jan 25)
- Re: Tracing where it started Johannes Ullrich (Jan 25)
- Re: Tracing where it started Alex Rubenstein (Jan 25)
- Re: Tracing where it started Mike Leber (Jan 25)
- Re: Tracing where it started Scott Granados (Jan 25)
- Re: Tracing where it started Johannes Ullrich (Jan 26)
- mSQL Attack/Peering/OBGP/Optical exchange David Diaz (Jan 26)
- Re: mSQL Attack/Peering/OBGP/Optical exchange Rubens Kuhl Jr. (Jan 26)
- Re: mSQL Attack/Peering/OBGP/Optical exchange Kurt Erik Lindqvist (Jan 30)
- Re: mSQL Attack/Peering/OBGP/Optical exchange Vijay Gill (Jan 30)
- Re: mSQL Attack/Peering/OBGP/Optical exchange David Diaz (Jan 30)
- Re: mSQL Attack/Peering/OBGP/Optical exchange Vijay Gill (Jan 30)
- Re: mSQL Attack/Peering/OBGP/Optical exchange David Diaz (Jan 30)
- Re: mSQL Attack/Peering/OBGP/Optical exchange Stephen Stuart (Jan 31)
- Re: mSQL Attack/Peering/OBGP/Optical exchange Vijay Gill (Jan 31)
- Re: mSQL Attack/Peering/OBGP/Optical exchange Randy Bush (Jan 31)
- Re: mSQL Attack/Peering/OBGP/Optical exchange Stephen Stuart (Jan 31)
- Re: mSQL Attack/Peering/OBGP/Optical exchange Jack Bates (Jan 31)