[<prev] [next>] [<thread-prev] [thread-next>] [month] [year] [list]
From: Simon.Richter at hogyros.de (Simon Richter)
Subject: interesting?
Hi,
> According to the analysis posted to NANOG by a number of
> researchers (http://www.caida.org/analysis/security/sapphire/),
> It infected the majority of hosts within the first 10 minutes.
[...]
> This seems important is because it shows that a high rate
> of saturation can be achieved among network nodes as
> effectively (if not more so) using random distribution, as by
> using a structured or hierarchical distribution strategy.
Actually, that was what the worm author did. The algorithm generates new
numbers from the current (i.e. it has some sort of knowledge what hosts
have already been infected) plus a not-really-predictable component
(system time, IIRC) plus some sort of counter because the system clock
is so slow.
So what we have witnessed is the structured approach. The question
remains whether the worm author is a maths wizard or just plain lucky.
Simon
--
GPG Fingerprint: 040E B5F7 84F1 4FBC CEAD ADC6 18A0 CC8D 5706 A4B4
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030201/969ff8ef/attachment.bin
Hosted by DataForce ISP -
Powered by Openwall GNU/*/Linux