Boy, this
is fun.... not!
I've attached a
couple of postings from a listserv I am on for those that are
interested.
We are currently
seeing very high levels of requests for *.ida, cmd.exe, root.exe
readme.eml.
As I mentioned
earlier, were are currently blocking incoming http requests that contain the
strings listed above. Looking this far into packets causes quite a load on
the routers. In fact, it brought the router that performs most of the
routing for Orono campus to its knees twice this afternoon (causing great pain
and suffering for many). We believe we have struck a balance between
router load and filtering at this point so that things should stabilize.
Of course, if the flow increases dramatically again.........
Jeff