The Book of Trees is now available!      See other retailers
Home     About     VC Book     Stats     Blog     Books     Links     Contact  
Search the VC database:
    Computer Systems  
The materials shown on this page are copyright protected by
their authors and/or respective institutions.
The Effect of Worms on the Internet
Ed Blanchfield
Project Description:
Ed Blanchfield used a Firewall/Intrusion Detection System (IDS) log data to get "before" and "after" graphs showing the impact of an MS-SQL worm, which hit the Internet around January 25th 2003.

When this particular worm hit a large class B sized network, an IDS system designed and implemented by Blanchfield for a large managed services provider, was one of the first sites in the world to detect and report the incident.

Ed posted his original findings and info to various security lists and quickly wrote up a parser to create GDL files from Firewall and IDS logs, which he fed into aiSee Graph Layout Software in order to visually map this worm's effect on their customer's network.

The first image is a visualization of log data for a class B firewall without background worm traffic, while the second represents the same data with background worm traffic. The graphs show just 15 minutes worth of traffic at midnight, but the impact of the worm is already clearly visible. You can imagine what 24 hours must have been like.

Comments (1):
I you like this graph, check out what LGL can do with firewall log data at

Posted by Ed Blanchfield on May 29, 2007 at 1:31 PM (GMT)

*Note* Before you submit your comment, bear in mind there's no guarantee it will be seen by this project's author. In case you want to contact the author directly, please follow the provided URL.
Leave a Comment:
(We're looking for the best solution to avoid unwanted SPAM)
Manuel Lima |