[Dshield] Cisco - ZOTOB and WORM_RBOT.CBQ Mitigation Recommendations

Frank Knobbe frank at knobbe.us
Sat Aug 20 07:08:26 GMT 2005


On Fri, 2005-08-19 at 23:08 +0000, Fergie (Paul Ferguson) wrote:
> I have seen this firsthand -- the botnet DoS attacks have begun,
> and with a furor.

It appears to be an unintended side-effect though.

> I saw an extraordinarily large network brough to it's knees today
> by an IRCbot.es Dos.

It happened before. I have seen worms/viruses (like Nachia for example)
bring down WAN routers due to the overwhelming volume of ARP requests
from the scanning of infected machines. I've seen Bay routers swell up
and pop due to various tables being overflown. It happened before and it
will happen again.

> I felt like Nero -- fiddling while Rome burned.

heh... yeah, we've been blissfully playing the fiddle in our corner of
Rome which has been burning for quite a while now. Whenever the fire
invades our garden, we sprinkle some water and pixe dust on it and all
is well. Good thing we don't see all the flames in the background due to
the heavy smoke.

Cheers,
Frank


-- 
Ciscogate: Shame on Cisco. Double-Shame on ISS.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: This is a digitally signed message part
Url : http://www.dshield.org/pipermail/list/attachments/20050820/01d80a08/attachment.bin


More information about the list mailing list