RE: AT&T US Network Slowdown?

Sean_Crandall · August 19, 2003, 6:12am

Dear Nanogers,
Is anyone aware of a "slowdown" issue throughout the US AT&T
network since 8/18 at around 4pm which is causing a lot of
internet circuits (including DSL) to be inaccessible and/or
appear down from the outside world? AT&T says this has been
escalated to "Level 4" with no ETA and affecting the whole
country. I am seeing this problem in the San Francisco area.
Just wondering if anyone else is experiencing anything that
would confirm AT&T's claim, and fishing for more info about
the possible cause and ETA. Thanks!

We are currently seeing the slowdown on our network in San Jose. Started
about exactly the time frame that you mentioned. The rest of the country
(oddly) seems unaffected by this at the moment, but San Jose is getting
hammered by something.

Still trying to sort out exactly where it is coming from.

-Sean

Sean P. Crandall
VP Engineering Operations
MegaPath Networks Inc.
Pleasanton, CA 94588
(925) 201-2530

David_Diaz6 · August 19, 2003, 4:42pm

Spam may be off topic but in this case relevant. Has anyone else noticed bounced emails that appear to have origionated from their nanog email boxes and contain viruses?

Obviously some bot has gone threw the nanog list and is now forging headers such that they appear to come from those addresses, and they are attaching viruses.

The IP address (which may or may not be accurate) appears to be [195.157.87.253].

Has anyone else noticed this recently?

Dave

Valdis_Kletnieks · August 19, 2003, 5:00pm

More likely, some poor lurker at the IP address listed has gotten hit with
one of the *MANY* worms that forge the From: field, and it's happily
forging in the name of all the most common NANOG posters.

My guess is it's w32-SoBig.F. But only because it's today, and that one
seems to be busy today. Ask me next week, it'll be another one.

Petri_Helenius · August 19, 2003, 5:34pm

The IP address (which may or may not be accurate) appears to be
[195.157.87.253].

Has anyone else noticed this recently?

I have received 100+ SoBig trojan emails in the last few hours from
IP 12.107.153.212. It figures, seems to be located in AT&T land
so there might also be connection to previous reports.

Pete

Stephen_J_Wilcox1 · August 19, 2003, 11:47pm

Spam may be off topic but in this case relevant. Has anyone else
noticed bounced emails that appear to have origionated from their
nanog email boxes and contain viruses?

Obviously some bot has gone threw the nanog list and is now forging
headers such that they appear to come from those addresses, and they
are attaching viruses.

not nanog nor sobig but i have recently been receiving emails with viruses to
some very obscure and old email addresses of mine, almost certainly harvested
from some equally obscure old site i have

quite worrying, my impression was that someone was deliberately spamming viruses
out..