June 07, 2003

Slammer revisited

With all the hand-wringing the last few days about the Wired report on the Slammer worm, I had expected the article to detail some amazing new fact that might trigger even more of these types of attacks.

Silly me!

The actual article, which will appear in print in the July issue (which is probably on sale now), is a pretty good summation of the worm, but has nothing new to offer that wasn't available within 48 hours of the original attack. The BGP (Border Gateway Protocol) traffic graphs were new to me (although I'm sure that millions of other people had seen this data). That was it.

What wasn't shown in the article, and what I had found very interesting at the time, was a time-lapse world view of UDP traffic. If I recall correctly, it showed the UDP network saturation moving eastward very quickly (basically, covering the globe within about 30 minutes or so). This CAIDA paper isn't exactly what I was looking for, but shows the contamination after thirty minutes. The picture shows before and after (separated by about 30 minutes). At the time I originally read the article, I guess I missed the link to another set of BGP graphs. That data appears to have been aggregated from the Route Views Project.

Posted by Dave at June 7, 2003 12:23 PM