Vulnerability Development mailing list archives
Re: Update to "Code Red" Worm. Its a date bomb, not time.
From: Blue Boar <BlueBoar () thievco com>
Date: Thu, 19 Jul 2001 16:06:38 -0700
emerson.c.tan () ca andersen com wrote:
An easy method would be to break up the estimated 196K infections accross a statistical average of bandwidth accross the internet (excluding dial up's as these are not likely to be terribly effective in the attack, nor are they likely to have the right operating systems installed. In the vast majority of cases we are talking about servers and permanently connected workstations). A <Scientific Wild Ass Guess> guess is the figure is in the order of 1-10 's of meg per second. I was unable to find any good reliable statistics about this sort of thing and if someone can point me in the right direction I can do the analysis and see how it compares with what we see tommorow.
Bandwidth generally won't be a problem, at least not all the way at the client end. For a SWAG, use a 128kbps link. It's probably fair to assume that many IIS servers will be on high-speed links. 128,000 bps * 1/8 B/b * 60 s/min * 60 min/hr * 24 hr/day = more than 1.3 GB/day. Or, 128Kbps * 10,000 attacking web servers = 1.2Gbps, or about 2 OC-12s. BB
Current thread:
- Re: A code red that could bring down the net?, (continued)
- Re: A code red that could bring down the net? Sven van ´t Veer (Jul 26)
- Re: A code red that could bring down the net? security curmudgeon (Jul 26)
- Re: A code red that could bring down the net? Ian Stoba (Jul 25)
- Re: A code red that could bring down the net? Michael Tench (Jul 26)
- Re: A code red that could bring down the net? Jose Nazario (Jul 26)
- Re: A code red that could bring down the net? Meritt James (Jul 24)
- RE: Update to "Code Red" Worm. Its a date bomb, not time. Marc Maiffret (Jul 19)
- Re: Update to "Code Red" Worm. Its a date bomb, not time. Blue Boar (Jul 19)
- Re: Update to "Code Red" Worm. Its a date bomb, not time. Blue Boar (Jul 19)