Security Incidents mailing list archives
Re: .ida Intrusion Attempt
From: "E. Larry Lidz" <ellidz () eridu uchicago edu>
Date: Fri, 20 Jul 2001 08:53:36 -0500
Stuart Staniford writes:
show a sudden dramatic increase in the probe rate earlier this morning (US time). This could be consistent with a new version which is spreading much more effectively (possibly because it seeds its random number better). I'm trying to fit this data.
The numbers look, loosely, like a bell curve to me. I'm not a statistician, but isn't this loosely what we'd expect to see? That as it compromises more machines it spreads itself asymptotically? And then, once it hits a certain threshold people take note and start shutting down the machines doing the attacking? -Larry --- E. Larry Lidz Phone: (773)702-2208 Sr. Network Security Officer Fax: (773)702-0559 Network Security Center, The University of Chicago PGP: http://security.uchicago.edu/centerinfo/pgpkeys.shtml ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Re: .ida Intrusion Attempt, (continued)
- Re: .ida Intrusion Attempt Dr SuSE (Jul 19)
- Re: .ida Intrusion Attempt bugtraq (Jul 19)
- RE: .ida Intrusion Attempt Colby Rice (Jul 19)
- RE: .ida Intrusion Attempt Tim Winders (Jul 19)
- .ida Intrusion Attempt Joe Smith (Jul 19)
- Re: .ida Intrusion Attempt Martin Roesch (Jul 19)
- Re: .ida Intrusion Attempt Joe Smith (Jul 19)
- Re: .ida Intrusion Attempt Martin Roesch (Jul 19)
- RE: .ida Intrusion Attempt Ulrich Keil (Jul 19)
- Re: .ida Intrusion Attempt Russell Fulton (Jul 19)
- Re: .ida Intrusion Attempt Stuart Staniford (Jul 19)
- Re: .ida Intrusion Attempt E. Larry Lidz (Jul 20)
- Re: .ida Intrusion Attempt Kyle R Maxwell (Jul 20)
- Re: .ida Intrusion Attempt Stuart Staniford (Jul 19)
- Re: .ida Intrusion Attempt Dr SuSE (Jul 19)