| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20030201125436.GO6545@phobos.fs.tum.de> From: Simon.Richter at hogyros.de (Simon Richter) Subject: interesting? Hi, > According to the analysis posted to NANOG by a number of > researchers (http://www.caida.org/analysis/security/sapphire/), > It infected the majority of hosts within the first 10 minutes. [...] > This seems important is because it shows that a high rate > of saturation can be achieved among network nodes as > effectively (if not more so) using random distribution, as by > using a structured or hierarchical distribution strategy. Actually, that was what the worm author did. The algorithm generates new numbers from the current (i.e. it has some sort of knowledge what hosts have already been infected) plus a not-really-predictable component (system time, IIRC) plus some sort of counter because the system clock is so slow. So what we have witnessed is the structured approach. The question remains whether the worm author is a maths wizard or just plain lucky. Simon -- GPG Fingerprint: 040E B5F7 84F1 4FBC CEAD ADC6 18A0 CC8D 5706 A4B4 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030201/969ff8ef/attachment.bin
Powered by blists - more mailing lists