lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: mattmurphy at kc.rr.com (Matthew Murphy)
Subject: 100 Worms per Second, Courtesy of Telstra

> Pardon my delurk, but this is very strange worm behavior.  We are seeing
> 100 SQL Worms per second from a single IP address on Telstra.  This is
> about 10k times the level of activity we are seeing from any other
> address.

That is certainly odd.

> Anyone here either know anyone at Telstra who can shut this off, or
> perhaps at least some explanation of why this worm instance would set
> aside its usual randomish behavior and flood us like this?

There seems to be a major weakness in the scanning pattern of this worm that
makes it flood some addresses far more extensively than others.  Considering
that the entire 'random' generator is just a trivial bit shift of the system
timer, it can't be expected to be really 'random' at all.


Powered by blists - more mailing lists