Thursday, May 5, 2005

Worm.Sober.P

For a worm that requires work to install, a crapload of people seem to have managed to contract Worm.Sober.P! So far, my clients seem to be avoiding it okay - but our mailserver has been blocking them at an impressive rate. We peaked at 1,000/minute yesterday. This prompted me to make some changes to our infrastructure:



  • Viruses are unzipped/scanned on a ramdrive rather than physical drive. This reduces drive wear, and is a lot faster (as long as there is RAM left!). FreeBSD has a nifty facility to have a RAM drive that becomes a physical drive if RAM is short, so worst case it degrades to its previous performance level.

  • I changed some concurrency settings to avoid running out of swap.

  • I firewalled off one host that was hitting us with 1.5mb/s of worm traffic. Too expensive to talk to! (I hate paying for bandwidth use)

So far, today is about as heavily loaded - but our systems have reverted to FreeBSD's traditional "that all you got? Hit me harder!" mode!


Mood: accomplished
Music: Drives whirring
