lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <DF79BE12AF8DD344B107D0D03621E5750ED9B9@kermit.corp.hansenet.com> From: vogt at hansenet.com (vogt@...senet.com) Subject: AW: short Blaster propagation algorithm analysi s > > It is not always a random IP that is chosen. Each time a host > > is infected, > > there is a 40% chance that it will begin at the first address > > of its "Class > > C"-size subnet (x.x.x.0), and a 60% chance that it will start at a > > completely random IP address with the last octet set to 0 > > ([1-254].[0-253].[0-253].0). I've added these parameters to my worm propagation simulation and it is very obvious that this hurts propagation speed considerably. In fact, a simple random algorithm (pick IP completely at random) would have been faster by a factor of almost two. Whoever wrote this thing either had no grasp on worm propagation whatsoever, or he had and wanted it to spread badly. If you write something that is half as fast as even the most obvious and trivial propagation algorithm, you're either very dumb or very smart. Tom Vogt
Powered by blists - more mailing lists