<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:itunes="http://www.itunes.com/dtds/podcast-1.0.dtd"
	xmlns:media="http://search.yahoo.com/mrss/"
	>
<channel>
	<title>Comments on: Network Disruptions: VNC and TCP Port 5405</title>
	<atom:link href="http://ddos.arbornetworks.com/2007/07/network-disruptions-vnc-and-tcp-port-5405/feed/" rel="self" type="application/rss+xml" />
	<link>http://ddos.arbornetworks.com/2007/07/network-disruptions-vnc-and-tcp-port-5405/</link>
	<description>A weblog dedicated to educating the community on security threats that matter</description>
	<lastBuildDate>Sun, 29 Jan 2012 02:23:23 +0000</lastBuildDate>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=</generator>
	<item>
		<title>By: Carl</title>
		<link>http://ddos.arbornetworks.com/2007/07/network-disruptions-vnc-and-tcp-port-5405/comment-page-1/#comment-33648</link>
		<dc:creator>Carl</dc:creator>
		<pubDate>Wed, 04 Jul 2007 03:23:44 +0000</pubDate>
		<guid isPermaLink="false">http://asert.arbornetworks.com/2007/07/network-disruptions-vnc-and-tcp-port-5405/#comment-33648</guid>
		<description>Hello Jose,

I was the author of the original report, which was released mid-afternoon GMT on 30 June, in the midst of the irregularities noticed over at the Internet Traffic Report.  The reason why I raised the question about what could be responsible was that there was nothing that we could see as being responsible for such a significant lengthy deviation (compared to the normal traffic deviation of 3-4 hours).

I suggested 5901 as a possible (note the use of the word possible) cause, given the Top 10 ISC trend, and the availability of a full remote code execution exploit a few days prior.  I wasn&#039;t convinced that it was the cause, given that Europe and the US were effectively left out of the traffic deviation.

I have read many of the comments that this has generated across the net and wrote a quick summary (http://www.beskerming.com/commentary/2007/07/04/200/A_Quick_Update_on_Global_Internet_Traffic_Observations) which indicates that there is no observed cause for the deviation, which has now effectively disappeared.  I am glad that ATLAS has shown its value in corroborating this information.

I am fully aware of the risks of over-reacting to spikes and dips, along with variation of traffic to various ports, but this seemed out of the ordinary, with no readily available cause.  The link to 5901 was more of a loose inference than a formal link.

Thanks for taking the time to respond to the issues raised in my report.</description>
		<content:encoded><![CDATA[<p>Hello Jose,</p>
<p>I was the author of the original report, which was released mid-afternoon GMT on 30 June, in the midst of the irregularities noticed over at the Internet Traffic Report.  The reason why I raised the question about what could be responsible was that there was nothing that we could see as being responsible for such a significant lengthy deviation (compared to the normal traffic deviation of 3-4 hours).</p>
<p>I suggested 5901 as a possible (note the use of the word possible) cause, given the Top 10 ISC trend, and the availability of a full remote code execution exploit a few days prior.  I wasn&#8217;t convinced that it was the cause, given that Europe and the US were effectively left out of the traffic deviation.</p>
<p>I have read many of the comments that this has generated across the net and wrote a quick summary (<a href="http://www.beskerming.com/commentary/2007/07/04/200/A_Quick_Update_on_Global_Internet_Traffic_Observations" rel="nofollow">http://www.beskerming.com/commentary/2007/07/04/200/A_Quick_Update_on_Global_Internet_Traffic_Observations</a>) which indicates that there is no observed cause for the deviation, which has now effectively disappeared.  I am glad that ATLAS has shown its value in corroborating this information.</p>
<p>I am fully aware of the risks of over-reacting to spikes and dips, along with variation of traffic to various ports, but this seemed out of the ordinary, with no readily available cause.  The link to 5901 was more of a loose inference than a formal link.</p>
<p>Thanks for taking the time to respond to the issues raised in my report.</p>
]]></content:encoded>
	</item>
</channel>
</rss>

