|
I talked to a friend who works over at Georgia State. He was called into work about 3:00am Saturday morning, and stayed there until 4pm that afternoon, trying to get control of the network.
He says the Slammer worm was pumping out about 2 gigabits a second out to the Internet. The real surprise to me - that traffic was from only 30-40 infected hosts. It actually makes some sense, if you break it down:
- Once a host is infected, it starts sending 376 byte UDP packets as fast as possible
- 2e9 bits/sec = 250 mbytes/sec, or ~ 665,000 376 byte packets/second
- Over 40 hosts, that's 16,000 packets/second, or about 50 mbits/second per host.
So each host is using about half of a 100mbits/sec ethernet connection.
The scary part of that number: assuming the worm probes the net randomly, Georgia State alone sending out almost 2.4 billion probes per hour. No wonder this thing took down the net so quickly.
9:30:57 PM 
|
|
