Open Source and information security mailing list archives
 
Message-ID: <20030201140350.GA29750@nova>
From: pingouin at rhapsodyk.net (Simon Marechal)
Subject: interesting?

On Sat, Feb 01, 2003 at 01:54:36PM +0100, Simon Richter wrote:
> Hi,
> 
> > According to the analysis posted to NANOG by a number of
> > researchers (http://www.caida.org/analysis/security/sapphire/),
> > it infected the majority of hosts within the first 10 minutes.
> 
> [...]
> 
> > This seems important because it shows that a high rate
> > of saturation can be achieved among network nodes as
> > effectively (if not more so) using random distribution, as by
> > using a structured or hierarchical distribution strategy.
> 
> Actually, that was what the worm author did. The algorithm generates new
> numbers from the current (i.e. it has some sort of knowledge what hosts
> have already been infected) plus a not-really-predictable component
> (system time, IIRC) plus some sort of counter because the system clock
> is so slow.
> 
> So what we have witnessed is the structured approach. The question
> remains whether the worm author is a maths wizard or just plain lucky.

Using a random distribution is easier to code than another kind. Plus,
if you use a hierarchical way, you'd better be a REALLY good math whiz
to make sure 2 worms won't cover the same IP range.
Using a random distribution is the best no-brainer way to make sure
having 500 worms will produce a 500 times wider coverage.

PS: what you're describing looks like a pseudo-random generator ... doesn't
look like a structured approach. Do you have a link to that generator
description?
