lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <DF79BE12AF8DD344B107D0D03621E5750ED9AF@kermit.corp.hansenet.com>
From: vogt at hansenet.com (vogt@...senet.com)
Subject: AW: short Blaster propagation algorithm analysi
	s

> "* It uses a "choose random IP, then scan sequentially from there"
> algorithm"
> 
> It is not always a random IP that is chosen. Each time a host 
> is infected,
> there is a 40% chance that it will begin at the first address 
> of its "Class
> C"-size subnet (x.x.x.0), and a 60% chance that it will start at a
> completely random IP address with the last octet set to 0
> ([1-254].[0-253].[0-253].0).

So it does have a local preference like the later CR. This does
affect propagation speed, especially during the early phase.
Thanks for the update, I'll see that I include it.



Tom Vogt

Powered by blists - more mailing lists