Published by Erik Stokes. Modified over 9 years ago.

台灣電腦網路危機處理中心暨協調中心 Taiwan Computer Emergency Response Team / Coordination Center

Impacts of Slammer worm in Taiwan
The first message we got about the worm was at 12:00pm, Jan 25.
Some ISP engineers were called back to handle the unusual network traffic.
In the afternoon, many online games were affected by the worm; users reported they could not connect to their game servers.
The network was slowing down.

Impacts of Slammer worm in Taiwan
At 10:00pm, Jan 25, we announced the news about this worm, including methods to protect their SQL server.
At 11:30am, Jan 26, we published CA-2003-04 in Chinese.
Jan 26, most networks were getting back to normal; TANET (education network) was still down.

Impacts of Slammer worm in Taiwan
Jan 27, we contacted Microsoft Taiwan, and they provided a web page to describe the worm and hotfix in the afternoon.
Jan 27, TANET was getting back, but we found some routing was corrupted.
After Jan 28, all networks came back to normal.
There were still a few attack packets seen on the network, but no more incidents were reported.

[Figure: DNS Traffic Log, APOL]
[Figure: DNS Traffic Log, Hinet]
[Figure: DNS Traffic Log, TANET]
[Figure: DNS Traffic Log, SEEDNet]

Numbers of incidents reported

Period             Total   Slammer   %
Jan 25 ~ Jan 31    138     94        68.1%
Feb 1 ~ Feb 7      59      2         3.4%

Analysis
The density and number of SQL servers is much lower than that of IIS, so the infection situation will not be worse than CodeRed.
The packet size is larger, which means there will be fewer packets and less effect on core routers. (CodeRed sends many more small packets.)

Analysis
Victims infected by Slammer will first attack their local network, which also means they are easy to find.
ISPs established their response teams after CodeRed, so they could control the situation rapidly and limit the range of damage.
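
One way an operator could find such infected hosts from flow records, shown as an added example that is not part of the original presentation. It assumes Slammer's propagation traffic is UDP to port 1434 (not stated on the slides); the CSV flow format, thresholds and sample records are hypothetical and constructed for illustration.

```python
import csv
import io
from collections import defaultdict

SLAMMER_PORT = 1434  # assumption: SQL Server Resolution Service (UDP), not named on the slides


def constructed_sample():
    """Constructed flow records in a hypothetical CSV format (not real traffic)."""
    rows = ["ts,src,dst,proto,dport,packets"]
    # Infected host: 40 single-packet flows to 40 different addresses in 2 seconds.
    for i in range(40):
        rows.append(f"{100 + i * 0.05:.2f},10.1.1.23,10.1.{i % 4}.{i + 10},udp,1434,1")
    # Legitimate client asking one SQL server for instance information.
    rows += ["100.10,10.1.1.50,10.1.1.5,udp,1434,1",
             "104.00,10.1.1.50,10.1.1.5,udp,1434,1"]
    # Unrelated DNS traffic, ignored by the port filter.
    rows.append("101.00,10.1.1.60,10.1.1.2,udp,53,3")
    return "\n".join(rows)


def find_suspects(flow_csv, window_s=10, min_dsts=20, min_pps=2.0):
    """Return {src: (distinct_dsts, packets_per_second)} for sources whose
    UDP/1434 fan-out within one time window meets both thresholds.
    Thresholds are constructed defaults; tune them against real baselines."""
    dsts = defaultdict(set)   # (src, window index) -> distinct destinations
    pkts = defaultdict(int)   # (src, window index) -> packets sent
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if row["proto"].lower() != "udp" or int(row["dport"]) != SLAMMER_PORT:
            continue
        key = (row["src"], int(float(row["ts"]) // window_s))
        dsts[key].add(row["dst"])
        pkts[key] += int(row["packets"])

    suspects = {}
    for key, seen in dsts.items():
        src, pps = key[0], pkts[key] / window_s
        if len(seen) >= min_dsts and pps >= min_pps:
            # Keep the worst window per source.
            if src not in suspects or len(seen) > suspects[src][0]:
                suspects[src] = (len(seen), pps)
    return suspects


if __name__ == "__main__":
    for src, (n_dsts, pps) in find_suspects(constructed_sample()).items():
        print(f"{src}: {n_dsts} distinct destinations, {pps:.1f} pkt/s on UDP/{SLAMMER_PORT}")
```

Requiring both a high distinct-destination count and a minimum packet rate keeps a normal client that repeatedly queries one SQL server out of the result.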