10 years of SQL Slammer
I just found out that today (January 25th) is the 10th anniversary of the SQL Slammer worm. If you haven't braved the archives of these posts (or read through the book), you might want to check out this post from September 2011:
SQL Slammer worm as seen by router graphs
I forgot to mention in that original post that my graph drops off at the very end (far right) because I found the evil host, jumped into its switch, and turned off its port. Having little shell shortcuts to fire off volleys of appropriate SNMP variable-set commands can be very handy indeed.
Also, this happened before I got to my web hosting support gig, but I talked to some people who were there that night and next morning. They basically wound up walking down the racks and unplugging the Windows customer machines just to get the network back.
I later pointed some of my ticket queue analysis stuff at that day and saw a queue with hundreds of active tickets. It looked like one for every customer they had at the time. I'm glad I wasn't there answering phones that day. What a complete disaster.