nanog mailing list archives

RE: worm information


From: "Christopher J. Wolff" <chris () bblabs com>
Date: Sat, 10 Apr 2004 11:37:15 -0700


Thank you for the input.  The 'unique' feature of this infestation is that
affected hosts don't transmit a lot of data...however they do open up
thousands of flows in a very short time.  Perhaps that's not unique but it
certainly is annoying.

Regards,
Christopher J. Wolff, VP CIO
Broadband Laboratories, Inc.
http://www.bblabs.com

-----Original Message-----
From: owner-nanog () merit edu [mailto:owner-nanog () merit edu] On Behalf Of
ravi pina
Sent: Saturday, April 10, 2004 11:30 AM
To: Darrell Greenwood
Cc: 'nanog list'
Subject: Re: worm information


On Sat, Apr 10, 2004 at 11:19:19AM -0700, Darrell Greenwood said at one
point in time:

On 04/4/10 at 1:53 PM -0400, Jeff Workman wrote the following :


http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.um.htm

File Not Found... 'l' missing from end of 'htm'.


http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.um.html

this is correct.  my organization has been infected with this
and it is a particularly nasty little bugger.  we may have been
'patient 0' in terms of sending copies of the virus to symantec
so they could write signatures for it.  infected hosts flood
the network with a tremendous amount of data and port opening.

i at least managed to quarantine off all my vpn devices which
seemed to be the entry point.

-r
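
The pattern described in this thread (hosts that move little data but open thousands of flows in a very short time) can be checked for in flow records. The following is an added example, not part of the original messages; the record layout, thresholds and addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Thresholds are illustrative assumptions, not values taken from the thread.
WINDOW_SECONDS = 10     # length of the sliding window
MIN_FLOWS = 1000        # "thousands of flows in a very short time"
MAX_MEAN_BYTES = 200    # "don't transmit a lot of data"

def find_flow_bursts(flows, window=WINDOW_SECONDS, min_flows=MIN_FLOWS,
                     max_mean_bytes=MAX_MEAN_BYTES):
    """flows: (ts, src, dst, dport, nbytes) tuples sorted by ts.
    Returns {src: (peak_flow_count, mean_bytes_at_peak)} for sources that
    opened >= min_flows flows inside one window while averaging
    <= max_mean_bytes per flow."""
    recent = defaultdict(deque)    # src -> (ts, nbytes) still inside the window
    byte_sum = defaultdict(int)    # src -> bytes summed over that deque
    flagged = {}
    for ts, src, _dst, _dport, nbytes in flows:
        q = recent[src]
        q.append((ts, nbytes))
        byte_sum[src] += nbytes
        # Evict flows that have aged out of the window.
        while ts - q[0][0] > window:
            byte_sum[src] -= q.popleft()[1]
        count = len(q)
        mean = byte_sum[src] / count
        if count >= min_flows and mean <= max_mean_bytes:
            if src not in flagged or count > flagged[src][0]:
                flagged[src] = (count, round(mean, 1))
    return flagged

def sample_flows():
    """Constructed flow records using documentation addresses, not real traffic."""
    flows = []
    for i in range(1500):   # burst: 1500 tiny flows within 5 seconds
        flows.append((i / 300, "192.0.2.5", f"198.51.100.{i % 254 + 1}", 8080, 60))
    for i in range(20):     # bulk transfer: few flows, many bytes
        flows.append((i * 0.5, "192.0.2.9", "198.51.100.10", 443, 5_000_000))
    for i in range(1200):   # busy but slow: 1200 flows spread over 600 seconds
        flows.append((i * 0.5, "192.0.2.7", "198.51.100.20", 80, 60))
    return sorted(flows)

if __name__ == "__main__":
    for src, (count, mean) in find_flow_bursts(sample_flows()).items():
        print(f"{src}: {count} flows in {WINDOW_SECONDS}s, mean {mean} bytes/flow")
```

Only the burst source is reported; the bulk sender and the slow-but-busy host stay below the flow-count threshold, which is why a byte-volume alarm alone would miss this behaviour.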



