Hi, some might be interested in this weekly newsletter Net Watch
http://www.net-watch.org/
cheers
martin
---------- Forwarded message ----------
Date: Fri, 28 Jun 2002 12:19:32 +0100
From: Net Watch <[log in to unmask]>
To: m.dodge <[log in to unmask]>
Subject: issue 3 :: 28 june 2002
_ _ _
_ _ ___| |_ _____ __ ____ _| |_ __| |_ ___ _ _ __ _
| ' \/ -_) _|___\ V V / _` | _/ _| ' \ _/ _ \ '_/ _` |
|_||_\___|\__| \_/\_/\__,_|\__\__|_||_(_)___/_| \__, |
-----------------------------------------------------|___/---
www.net-watch.org 28 june 02 :: issue three
-------------------------------------------------------------
SUBSCRIBE: http://www.net-watch.co.uk/subscribe.htm
UNSUBSCRIBE: http://www.net-watch.co.uk/unsubscribe.htm
-------------------------------------------------------------
[.THIS.WEEKS.NEWS.]........................................
001 WorldCom Making Mess of US Connectivity
002 KPNQwest Causes Rumbles Through Europe
003 Demon's Mail Servers Hit By Open Relay Config
004 LINX Router Problems Cause Net Brownouts
[.SECURITY.FOCUS.].........................................
005 OpenSSH Hole Allows Box Control
006 MS Commerce Server Vulnerability
007 This Weeks' Virus Alerts
[.INTERNET.PERFORMANCE.MONITOR.]...........................
008 Usability Score Report
009 Weekly Statistics
[.IN.DEPTH.ISP.]...........................................
010 European ISP Report
011 Latency, Packet Loss and Availability
[.WEB.USAGE.SPY.]..........................................
012 Statistical Information
013 Average Statistics of Home Web Use (Apr 02)
014 Top 20 Search Terms This Week
015 Browser Wars
[.INTERNET.POPULATION.]....................................
016 Top Internet Penetrated Countries
017 Penetration by Top Level Domain
[.RFC.OVERVIEW.]............................................
018 RFC Listings
019 This Week's Published RFCs
[.CHEER.UP.ITS.NOT.ALL.THAT.BAD.]...........................
020 Good Reading
021 Funny News
022 Bye Then
-------------------------------------------------------------
[ THIS WEEKS NEWS ]
001::WORLDCOM MAKING MESS OF US CONNECTIVITY
It was uncovered on Wednesday that WorldCom had used some
creative accounting to make a $3.8bn loss over 5 quarters
appear as capital expenditure. CFO Scott Sullivan was
chucked, and Senior VP David Myers resigned as the SEC
moved in for the kill.
Fears are growing over WorldCom's security as 17,000
employees will start to be laid off today. Their credit
rating has been hit hard, and telecoms share prices are
tumbling.
Except, that is, for AT&T. With the job losses and
speculation surrounding WorldCom, anaylists believe many
customers will move over to AT&T (who have already picked
up new customers from the KPNQwest debacle).
Many see the future of WorldCom as the big 11, but as the
major supplier of every other wireline provider in the US,
and a major supplier to many corporations, this would
cause serious problems.
002::KPNQWEST CAUSES RUMBLES THROUGH EUROPE
The collapse of KPNQwest has left 25,000km of cable
up for grabs from the liquidators. Over 40 bids have
been received, and as we predicted last week AT&T still
remains favourite.
One of KPNQwest's major customers, Fibernet, is starting
to feel the pressure. They have suspended German and
French national networks, after a rethink in strategy.
KPNQwest's fibre made up over 80% of their network.
003::Demon's Mail Servers Hit By Open Relay Config
Demon recommends that customers check their mail configs,
as performance across the UK drops to snail's pace. They
claim an unexpected amount of spam is the cause of the
problems, and that open relay mail servers are to blame.
Port 80 traffic is also having problems, which Demon are
putting down to a massive reshuffle at LINX. Demon has
been busy with planned outages to accommodate LINX over
the last two weeks, but a software problem has emerged
in their core routers / switches.
Backing out of this reshuffle would cause them to lose
most, if not all, of their peering. "[It] is not an
option."
004::LINX ROUTER PROBLEMS CAUSE NET BROWNOUTS
LINX suffered from a faulty management card on a switch
at their London Docklands exchange yesterday. Removing
the faulty card didn't prevent further route flaps across
customer's networks, causing the removal of the entire
switch.
They are currently in talks with the vendor of the switch
to find out the cause of the fault. Even though the whole
switch was removed, LINX assured customers the network
is still stable.
-------------------------------------------------------------
[ SECURITY FOCUS ]
005::OPENSSH HOLE ALLOWS BOX CONTROL
ISS issued an alert on Wednesday that the OpenSSH daemon
has a flaw in it's challange-response authentication, on
default install on OpenBSD.
Version 3.3 allows a response by an intruder to cause an
overflow. At best, a DoS attack can be expected, or worst
case allows attackers super user access.
Upgrade to 3.4 is highly recommended by all, as this flaw
is currently being exploited by hackers.
006::MS COMMERCE SERVER VULNERABILITY
Well, several actually. Four vulnerabilities are in 2000,
mainly an unchecked buffer in the ISAPI filters, and also
another unchecked buffer in the API calls.
Patches are available on the Microsoft site.
007::THIS WEEKS' VIRUS ALERTS
W32.Skren.A@mm - spreads to all MSOutlook contacts, with
file attachment "KellyOsbourne.com.gz".
BAT.Beckow.B@mm - spreads to all MSOutlook contacts and
over IRC with mIRC scripting. Copies itself to A:, and
overwrites .reg, .vbs, .bat, .ifk. pif and .lnk files.
Attempts to kill some AV software.
W32.MyPower.B@mm - spreads to all contacts in Windows
Address Book, with one of four random subject lines:
* New, Patch for, Crack For, The Best
* microsoft, Borland, ZDnet
* Tucows, Windows, Program
* Animated, Protection, Saver, Fixed, Saving, Games,
3DFx Studio
Using VBScript, it also chooses random file attachments
from 8 possibilities, either with a .exe or .scr extension
and is packed with PE-Pack.
W32.Dotor.A@mm - spreads to all MSOutlook contacts with
subject line "NewTool for Word Macro Virus" with a file
attachment of "Doctor.exe"
W97M.Dotor.A@mm - drops Doctor.exe in /windows and puts
itself to startup in the registry. The VBScript payload
infects MSWord documents, setting macro security to "1".
Backdoor.Sparta - trojan that removes some AV software
and firewalls, allowing access to the box. It drops a
key in the registry to run on Windows startup, using
Rundll32b.exe in /windows/system.
XM.Laroux.UB - macro virus spreading under Excel 95, 97,
2000 and XP. No payload, it just replicates.
-------------------------------------------------------------
[ INTERNET PERFORMANCE MONITOR ]
008::USABILITY SCORE REPORT
This report covers "usability scores" for regions of the
Internet. These scores are generated by comparing the
current ping time of various servers in that region, with
their previous ping times over the last few units (days,
months, whatever).
A final number is achieved, between 0 and 10. This is
used as a "usability score" to show how the Internet is
performing compared to previous logs.
009::WEEKLY STATISTICS
Generally Europe
5.8-+ 6.6-+
5.7 | . 6.4 | .
5.6 |. . . 6.2 | . .
5.5 |. . . 6.0 |. . . . .
5.4 |. . . . . 5.8 |. . . . . .
5.3-+. . . . . 5.6-+. . . . . . . .
5.2 |. . . . . . 5.4 |. . . . . . . .
5.1 |. . . . . . 5.2 |. . . . . . . .
5.0 |. . . . . . . . 5.0 |. . . . . . . .
4.9 |. . . . . . . . 4.8 |. . . . . . . .
+---------------- +----------------
f s s m t w t f f s s m t w t f
r a u o u e h r r a u o u e h r
i t n n e d u i i t n n e d u i
North America Australia
5.6-+ . 6.2-+ .
5.4 | . . 6.0 |. . .
5.2 |. . . . 5.8 |. . . .
5.0 |. . . . . 5.6 | . . . . . .
4.8 |. . . . . . 5.4 |. . . . . . . .
4.6-+ . . . . . . 5.2-+. . . . . . . .
4.4 |. . . . . . . 5.0 |. . . . . . . .
4.2 |. . . . . . . . 4.8 |. . . . . . . .
4.0 |. . . . . . . . 4.6 |. . . . . . . .
3.8 |. . . . . . . . 4.4 |. . . . . . . .
+---------------- +----------------
f s s m t w t f f s s m t w t f
r a u o u e h r r a u o u e h r
i t n n e d u i i t n n e d u i
This gave an average Global score of 5.5 for the week.
------------------------------------------------------------
[ IN DEPTH ISP ]
010::EUROPEAN ISP REPORT
The figures below show average latency for that particular
ISP over the last 7 days. Less than 75ms is perfection,
between 75ms and 175ms is acceptable and anything over
175ms is awkward.
011::LATENCY, PACKET LOSS AND AVAILABILITY
Service Provider | Latency | Packet Loss | Availability
-------------------+---------+-------------+-------------
Abovenet | 149ms | 0% | 100%
Cable & Wireless | 150ms | 0% | 100%
Colt | 165ms | 0% | 100%
Ebone | 153ms | 0.7626% | 100%
France Telecom | 169ms | 0 | 100%
GNC Networks | 186ms | 33.3% | 66.7%
Global Crossing | 146ms | 0% | 100%
Globix | 142ms | 0% | 100%
Infonet | 162ms | 0% | 100%
KPNQwest | 174ms | 0.53% | 99.8%
Level3 | 139ms | 1.99% | 98%
SprintLink | 159ms | 0% | 100%
Telefonica | 178ms | 0% | 100%
Teleglobe | 152ms | 0% | 100%
Telia | 168ms | 0.615% | 99.6%
The Swedish IP Net| 164ms | 0% | 100%
Verio | 152ms | 0% | 100%
WorldCom | 165ms | 0% | 100%
-------------------------------------------------------------
[ WEB USAGE SPY ]
012::STATISTICAL INFORMATION
We receive our statistics on a monthly basis, so each week
the topic of stats is rotated. This week we cover average
data on home web users.
013::AVERAGE STATISTICS OF HOME WEB USE (APR 02)
Average Data Categories | April 2002
--------------------------------------------+------------
Number of internet sessions per month | 18
Number of unique domains visited | 48
Page views per month | 497
Page views per internet session | 43
Time spent per month | 9:49:53
Time spend per internet session | 0:32:04
Duration of page viewed | 0:00:44
Active internet universe | 244,540,098
Current internet universe estimate | 428,182,264
014::TOP 20 SEARCH TERMS THIS WEEK
Rank| Search Term | Prev Rank| Search Term | Prev
----+-----------------+----- ----+-----------------+-----
1. | world cup | 1. 11.| las vegas | 16.
2. | dragonball | 2. 12.| spider-man | 10.
3. | kazaa | 6. 13.| eminem | 9.
4. | tattoos | 3. 14.| final fantasy | 13.
5. | britney spears | 4. 15.| father's day | 5.
6. | colorado fires | 19. 16.| wwe | -
7. | morpheus | 17. 17.| star wars | 14.
8. | pamela anderson | 12. 18.| stone cold ste..| -
9. | audiogalaxy | 15. 19.| golf | -
10.| harry potter | 8. 20.| brooke burke | -
015::BROWSER WARS
The statistics below can be pretty poor at times, thanks
to many reasons. Mostly it's down to how certain clients
report their version, then the rest is down to us (sorry).
They will still give a good representation of what's out
there. .
Internet Explorer 6 - 39% Gecko - 2.9%
Internet Explorer 5 - 43% Netscape 4 - 7.2%
Internet Explorer 4 - 1.9% Netscape 3 - 0.1%
Internet Explorer 3 - 0.1% Opera - 1.0%
Internet Explorer 2 - 0% Unknown/Other - 4.2%
-------------------------------------------------------------
[ INTERNET POPULATION ]
016::TOP INTERNET PENETRATED COUNTRIES
Numbers are quoted as thousands.
Country | No. Hosts | No. Users
----------------------+----------------+-----------------
UK | 4080.20 | 26688.3
USA | 75689.3 | 172405.0
Japan | 11419.8 | 99416.6
Germany | 5635.28 | 42539.8
Canada | 6039.43 | 26363.7
Australia | 1820.25 | 10830.4
Finland | 1228.60 | 3843.28
Netherlands | 2750.12 | 15175.3
Sweden | 1725.20 | 7187.66
France | 2038.12 | 22393.3
Norway | 884.28 | 4289.72
Italy | 2503.45 | 18686.1
Taiwan | 2510.49 | 14110.3
New Zealand | 600.379 | 2721.38
Spain | 1848.22 | 13069.3
Denmark | 866.030 | 7001.86
017::PENETRATION BY TOP LEVEL DOMAIN
Numbers are quoted as thousands.
TL-Domain | No. Hosts
----------------------+-----------------
com | 42509.8
net | 66943.6
edu | 8651.37
mil | 2019.29
org | 1403.58
gov | 830.766
us | 1907.57
uk | 2932.18
jp | 8468.61
-------------------------------------------------------------
[ RFC OVERVIEW ]
018::RFC LISTINGS
Format of listings:
#Num - Title of RFC
Size Authors
Each week we look at "Request For Comment" documents that
have been published. This list contains this week's posted
RFCs. Note - these are ALL RFCs, not just the recommended.
Don't get nervous about all the changes, they probably
aren't official yet.
019::THIS WEEK'S PUBLISHED RFCS
There have been no new RFC publications this week.
-------------------------------------------------------------
[ CHEER UP ITS NOT ALL THAT BAD ]
020::GOOD READING
I found this while trawling through Dave Barry's funny
writings. I was trying to find an old document that
floated around dial-up BBSs in the 90s, but without any
success.
Dr. Roger A. Hunt, Ph.D, Director, American Institute of
Pyrotartology gives his report of "The Flaming Pop-Tart
Experiment".
http://www-personal.umich.edu/~gmbrown/tart/
021::FUNNY NEWS
This has had me laughing all week. CardCops have
discovered that credit card fraudsters not only swap
card numbers in IRC chat rooms, but that a bot has been
designed to check them by charging a small amount. Of
course this operates as a scam - the charge is so tiny
that most card holders wouldn't notice them, the bot
owners grab the fees charged from them (it sure adds up),
and carders get to check if their numbers are valid.
So what did CardCops do? Instead of tapping into this
useful resource and informing the appropriate card
companies, they announced the scam publically. Oh, and
set up a website for members of the public to check to
see if their card has been comprimised by the scammers.
Let me get this straight. They set up a website where
people enter credit card numbers, to see if they are
registered as stolen/comprimised? Can't, like, hackers use
that too?
Well, no, actually. The website got so many hits when it
went live, their web server fell over.
022::BYE THEN
That's it for another week. As promised we threw in a few
more sections, and deleted ones that didn't cut the
mustard.
But now I must return the job that pays for all this, as
I'm sure you must too.
If you're in a talkative mood, feel free to forward this
to friends. It's always nice to see the new subscribers
roll in every day.
Or if not, check out NTK - it's like this but with less
numbers... http://www.ntk.net
-------------------------------------------------------------
(c)2002 net-watch.org - all rights reserved
Visit us at... feel free to steal bits,
http://www.net-watch.org but link back to us.
-------------------------------------------------------------
|