[Dshield] Blaster / Nachia Fightback Update

Johannes Ullrich jullrich at euclidian.com
Fri Aug 29 04:40:05 GMT 2003

Just a quick update on our efforts to notify ISPs about
infected hosts.

In addition to the usual fightback, I am providing lists of
"port 135 scanners" to ISPs. A few report that they are using
these to notify customers.

Overall, ISPs have a lot of work ahead of them notifying customers.
I don't expect the traffic to die down soon, and will revisit this
once the first round of notifications is complete.

Past events have thought us that this traffic is going to stick 
with us for quite a while. The ICMP floods from Nachia are a bit
concerning, but maybe this will speed up cleanup as its hard to
use an infected machine.

Johannes Ullrich                     jullrich at euclidian.com
pgp key: http://johannes.homepc.org/PGPKEYS
   "We regret to inform you that we do not enable any of the 
    security functions within the routers that we install."
         support at covad.net

More information about the list mailing list