| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: pingouin at rhapsodyk.net (Simon Marechal) Subject: interesting? On Sat, Feb 01, 2003 at 01:54:36PM +0100, Simon Richter wrote: > Hi, > > > According to the analysis posted to NANOG by a number of > > researchers (http://www.caida.org/analysis/security/sapphire/), > > It infected the majority of hosts within the first 10 minutes. > > [...] > > > This seems important is because it shows that a high rate > > of saturation can be achieved among network nodes as > > effectively (if not more so) using random distribution, as by > > using a structured or hierarchical distribution strategy. > > Actually, that was what the worm author did. The algorithm generates new > numbers from the current (i.e. it has some sort of knowledge what hosts > have already been infected) plus a not-really-predictable component > (system time, IIRC) plus some sort of counter because the system clock > is so slow. > > So what we have witnessed is the structured approach. The question > remains whether the worm author is a maths wizard or just plain lucky. Using a random distribution is easier to code than another kind. Plus, if you use a hierarchical way, you'd better be a REALLY good math wizz to make sure 2 worms won't cover the same ip-range. Using a random distribution is the best no-brainer way to make sure having 500 worms will produce a 500 times wider coverage. PS:what you're describing looks like a pseudo random generator ... doesn't look like a structured approach. Do you have a link to that generator description?
Powered by blists - more mailing lists