Date:      Tue, 18 Sep 2001 20:20:05 -0400
From:      Bill Vermillion <bill@wjv.com>
To:        Eric_Stanfield@kenokozie.com
Cc:        freebsd-isp@FreeBSD.ORG
Subject:   Re: Code Red?!
Message-ID:  <20010918202005.B19613@wjv.com>
In-Reply-To: <OFFB70F3BC.75A1E6DC-ON86256ACB.0073FE26@kka.com>; from Eric_Stanfield@kenokozie.com on Tue, Sep 18, 2001 at 04:17:58PM -0500
References:  <OFFB70F3BC.75A1E6DC-ON86256ACB.0073FE26@kka.com>

On Tue, Sep 18, 2001 at 04:17:58PM -0500,
Eric_Stanfield@kenokozie.com thus sprach:

> I find it interesting that everyone I've talked to today has
> logged the initial nimda attack within 30 seconds of the time you
> listed below (after adjusting for timezones). 

I've seen an acceleration of the attack this evening [EST].

I've had log files just exploding in size.  They are growing at
well over 500 lines per minute.  We have a small company doing
specialized work and we have our own racks in a communications
facility.  The servers have 100Mbit uplinks into the OC-192
backbone so I'm not going to be limited by pipe width, which also
means that I can't get faster too.

I've just turned off all logging for web traffic as I didn't want
to have the systems fall over for lack of drive space.

Just a reminder here to check your log files to make sure something
like this doesn't happen to you. 

Just a file guess but here the nimda traffic is probably about 5
times more than the highest CodeRed days.   I'm sure glad I have NO
MS machines that I maintain but a client has two in our racks and I
called them about 1030 this AM.  I wish them luck.


-- 
Bill Vermillion -   bv @ wjv . com
