xsprite@bigfoot.com writes:
I think several large isps have been suffering from the side effects of the various http infecting worms going around at the moment.
There's one Windows worm being particularly active (see CERT) and it has the property that it'll scan its own /24 block 50% of the time, its own /16 25% and random 25%, or something like that. Combine this with the fact that most Windows users are too clueless to even know they've been hit, and significant data loss is required to completely remove this worm (it would seem it's a reinstall job), then you have a nasty problem. At least one ISP is now doing HTTP probes on connection and disconnecting people running unpatched IIS servers. That's only going to spread.
Of course, the trans proxies are going to be caned now. That explains it.
Anyone for a "Windows Users: You're Wrecking the Internet!" diatribe? ;-)