Merit Network

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group


Re: mSQL Attack/Peering/OBGP/Optical exchange

  • From: Rubens Kuhl Jr.
  • Date: Sun Jan 26 19:36:47 2003


----- Original Message -----
| One other consideration is that optical IXs will have a greater
| impact on the internet, possibly good and bad.  With larger circuit
| sizes of OC48 and OC192 for peering.  An attack would have a greater
| ability to flood more traffic.  A failure of a peering session here
| would cause a reroute of greater traffic.  A possible benefit might be
| that larger circuit sizes might mean that an attack might not be able
| to overwhelm the larger capacities especially if backbone sizes are
| the constricting factor, not peering circuits or optical VPN circuits
| at the optical IX.

Although this MS-SQL worm used a lot of bandwidth because of the embedded
exploit code, usually worms scan first and try exploiting after. Such a scan
requires few bytes, so even a T-3 would carry a lot of host scans per
second, and could cause many routers to die on the receiving end because of
packets-per-second or new-arps-per-second or syslogs-per-second
limitations.

I think the worst danger of large circuits would be the uplink capacity; a
bunch of infected hosts would easily fill up a T-3 trying to scan for new
hosts to attack, limiting the worm's propagation speed, but an OC-192 might
end up carrying all of the scan traffic and infect more hosts faster.


Rubens
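
An added illustration, not part of the original post: a mean-field model of the two points above, namely how many small packets a T-3 carries per second and how a full uplink caps the speed at which a random-scanning worm spreads. The packet sizes, host counts, site count and per-host scan rate are assumed values chosen for the sketch.

```python
# Added illustration: mean-field model of a random-scanning worm whose
# infected hosts share capacity-limited site uplinks. All values are assumed.
T3_BPS = 44_736_000          # T-3 line rate
OC192_BPS = 9_953_280_000    # OC-192 line rate
ADDRESS_SPACE = 2 ** 32      # IPv4 addresses probed uniformly at random


def packets_per_second(link_bps, packet_bytes):
    """Upper bound on packets/s a link carries (framing overhead ignored)."""
    return link_bps // (packet_bytes * 8)


def seconds_to_fraction(link_bps, packet_bytes, vulnerable=75_000, sites=1_000,
                        per_host_pps=4_000, fraction=0.9, max_seconds=100_000):
    """Seconds until `fraction` of the vulnerable hosts are infected.

    Infected hosts are spread evenly over `sites`; each site's outbound
    scanning is capped by its uplink, so the aggregate rate stops growing
    once the uplinks are full.
    """
    link_pps = packets_per_second(link_bps, packet_bytes)
    infected = 1.0
    for t in range(1, max_seconds + 1):
        demand_per_site = infected / sites * per_host_pps
        scan_rate = sites * min(demand_per_site, link_pps)
        # Each probe hits a still-uninfected vulnerable host with this probability.
        hit_prob = (vulnerable - infected) / ADDRESS_SPACE
        infected = min(vulnerable, infected + scan_rate * hit_prob)
        if infected >= fraction * vulnerable:
            return t
    return None


if __name__ == "__main__":
    # A 40-byte probe versus a 404-byte single-packet exploit (assumed sizes).
    for size in (40, 404):
        print(f"T-3 carries {packets_per_second(T3_BPS, size):,} pps at {size} B")
    for name, bps in (("T-3", T3_BPS), ("OC-192", OC192_BPS)):
        t = seconds_to_fraction(bps, 404)
        print(f"{name} uplinks: 90% of vulnerable hosts infected after {t} s")
```

For an operator the same model shows why egress rate limits matter: lowering the effective uplink rate available to scanning traffic stretches the saturation time.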





