Full Disclosure mailing list archives
Re: interesting?
From: Simon Marechal <pingouin () rhapsodyk net>
Date: Sat, 1 Feb 2003 15:03:50 +0100
On Sat, Feb 01, 2003 at 01:54:36PM +0100, Simon Richter wrote:
Hi,According to the analysis posted to NANOG by a number of researchers (http://www.caida.org/analysis/security/sapphire/), It infected the majority of hosts within the first 10 minutes.[...]This seems important is because it shows that a high rate of saturation can be achieved among network nodes as effectively (if not more so) using random distribution, as by using a structured or hierarchical distribution strategy.Actually, that was what the worm author did. The algorithm generates new numbers from the current (i.e. it has some sort of knowledge what hosts have already been infected) plus a not-really-predictable component (system time, IIRC) plus some sort of counter because the system clock is so slow. So what we have witnessed is the structured approach. The question remains whether the worm author is a maths wizard or just plain lucky.
Using a random distribution is easier to code than another kind. Plus, if you use a hierarchical way, you'd better be a REALLY good math wizz to make sure 2 worms won't cover the same ip-range. Using a random distribution is the best no-brainer way to make sure having 500 worms will produce a 500 times wider coverage. PS:what you're describing looks like a pseudo random generator ... doesn't look like a structured approach. Do you have a link to that generator description? _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- interesting? batz (Jan 31)
- Re: interesting? Berend-Jan Wever (Feb 01)
- Re: interesting? Ka (Feb 01)
- Re: interesting? Simon Richter (Feb 01)
- Re: interesting? Simon Marechal (Feb 01)
- Re: interesting? Simon Richter (Feb 01)
- Re: interesting? Simon Marechal (Feb 01)
- Re: interesting? Roland Postle (Feb 01)
- Re: interesting? Geoincidents (Feb 01)
- Re: interesting? Simon Marechal (Feb 01)
- Re: interesting? Berend-Jan Wever (Feb 01)
- Re: interesting? batz (Feb 01)
- Re: interesting? Gregory Steuck (Feb 01)
- Re: interesting? batz (Feb 01)
- Re: interesting? Bruce Ediger (Feb 01)