Warning -- floods of Allaple worm alerts.... sid:200329(2-5): msg#00120

Subject: Warning -- floods of Allaple worm alerts.... sid:200329(2-5)
Hi

Over the last 24 hours we have had about 50 sources fire 20 million ping
packets containing the string that triggers the Allaple signature.  The
only effect it has had is to gum up my snort database.  I don't believe
this is worm traffic and if it is a ddos it is pretty feeble.  It was
however a fairly effective dos against my snort system -- two sensors
saw this traffic so that's a total of over 40 million events in the
database.  :(

I have now disabled all those rules and am (slowly) deleting all the
records from the database.  Can I suggest that these rules be disabled
by default with a comment saying why?

Anyone got any idea why this traffic was sent (I doubt if they were
really trying to attack my snort system)?  They have sent enough
traffic to random addresses to map our network 200 times over.

Russell.

