Full Disclosure mailing list archives
AW: short Blaster propagation algorithm analysi s
From: vogt () hansenet com
Date: Thu, 14 Aug 2003 13:23:00 +0200
"* It uses a "choose random IP, then scan sequentially from there" algorithm" It is not always a random IP that is chosen. Each time a host is infected, there is a 40% chance that it will begin at the first address of its "Class C"-size subnet (x.x.x.0), and a 60% chance that it will start at a completely random IP address with the last octet set to 0 ([1-254].[0-253].[0-253].0).
So it does have a local preference like the later CR. This does affect propagation speed, especially during the early phase. Thanks for the update, I'll see that I include it. Tom Vogt _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- AW: short Blaster propagation algorithm analysi s vogt (Aug 14)