Full Disclosure mailing list archives

Re: interesting?

From: Ka <ka () khidr net>
Date: Sat, 1 Feb 2003 16:30:43 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At Samstag, 1. Februar 2003 10:54 Berend-Jan Wever wrote:

The way I see it, it's randomness seems to have
hampered it.


A infection with an ideal randomness starts with
the same infection rate as an ideal distributed
infection. But it's infection rate per host then
declines while more hosts are allready infected
(cause the random methods will tend to re-scan
allready scanned hosts and try to re-infect allready
infected ones). When 50% of the infectable population
has been reached, the rate has allready dropped to
half the initial value.


The ideal (coordinated distributed) infection 
keeps it's initial infection rate (per infected 
and thus participating) host constant.

Roughly one could say a ideal coordinated infection
has reached 100% of all hosts within the time the
random method needs to infected 50% of the infectable
population.


With very fast scans and a high number of infectable
host (as was the case with the Sapphire worm), pseudo
random scan were enough to distribute. But this scan
method also accounted for it's high network impact
and "visibility".

With slower scans and a lesser number of possible targets
(as in the case of slapper) the random scan was just too slow
to get much impact.

Had slapper used a coordinated distributed scanning method
(e.g. using it's p2p network for scan-coordination) it would
certainly have compared "favourably" to sapphire.


I predict this 2 worms are just harmless compared to the ones
to come during the next years. Or have we allready overlooked
the more intelligent species?


Ka
- -- 
Want hear Ancient Music In The Pines?
Must find remote. Must change channel.
http://www.khidr.net/users/ka/pgpkey.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE+O+gj72vu22ltWBERAqFIAJ9/C5s/1w9rDiKjR0lJFwLEwPUj7ACdFbxj
qfhAMyxEtgyj2y4AsYHb/j4=
=iA7L
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

interesting? batz (Jan 31)
- Re: interesting? Berend-Jan Wever (Feb 01)
  - Re: interesting? Ka (Feb 01)
- Re: interesting? Simon Richter (Feb 01)
  - Re: interesting? Simon Marechal (Feb 01)
    - Re: interesting? Simon Richter (Feb 01)
    - Re: interesting? Simon Marechal (Feb 01)
    - Re: interesting? Roland Postle (Feb 01)
    - Re: interesting? Geoincidents (Feb 01)
- Re: interesting? Roland Postle (Feb 01)
  - Re: interesting? batz (Feb 01)
    - Re: interesting? Gregory Steuck (Feb 01)
    - Re: interesting? batz (Feb 01)

(Thread continues...)