lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: mattmurphy at kc.rr.com (Matthew Murphy) Subject: 100 Worms per Second, Courtesy of Telstra > Pardon my delurk, but this is very strange worm behavior. We are seeing > 100 SQL Worms per second from a single IP address on Telstra. This is > about 10k times the level of activity we are seeing from any other > address. That is certainly odd. > Anyone here either know anyone at Telstra who can shut this off, or > perhaps at least some explanation of why this worm instance would set > aside its usual randomish behavior and flood us like this? There seems to be a major weakness in the scanning pattern of this worm that makes it flood some addresses far more extensively than others. Considering that the entire 'random' generator is just a trivial bit shift of the system timer, it can't be expected to be really 'random' at all.
Powered by blists - more mailing lists