Re: CRv2 - Questions

["Ronald Tse" <ronald () vitagreen com>]

I thought the worm skipped 127.x.x.x and 224.x.x.x addresses?
(From eEye's analysis)

Thanks
Ronald Tse

----- Original Message -----
From: "Jose Nazario" <jose () biocserver BIOC cwru edu>
To: "Incidents SecurityFocus" <incidents () securityfocus com>
Sent: Tuesday, July 24, 2001 3:31 AM
Subject: RE: CRv2 - Questions


> On Mon, 23 Jul 2001, The Death wrote:
>
> > You are right, i did not notice that the total number is covering the
> > entire possible 32-bit positions (therefore, all IPs). In any case,
> > this IS considered a PRNG, it is just that the seeding configurations
> > (using static seeds and not random seeds) break the security, and
> > bring it to a level of a simple, known, list.
>
> i intended to do this analysis of 'randb', the class b PRNG used in ramen
> and its cousins. never got around to it, happy to see that someone else
> has looked at CR's PRNG. (ie warn the networks which are most likely to
> show up as targets based on the output of the PRNG.)
>
> however, the fact that it hit *all* values of 2^32 suggests it probably,
> like ramen did, screwed with the multicast networks. ie the traffic storms
> were massive. any word from you mcast people on the fallout from CR?
>
> ____________________________
> jose nazario      jose () cwru edu
>            PGP: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
>        PGP key ID 0xFD37F4E5 (pgp.mit.edu)
>
>
> --------------------------------------------------------------------------
--
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com