Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

AW: short Blaster propagation algorithm analysi s

From: vogt () hansenet com
Date: Thu, 14 Aug 2003 13:23:00 +0200
"* It uses a "choose random IP, then scan sequentially from there"
algorithm"

It is not always a random IP that is chosen. Each time a host 
is infected,
there is a 40% chance that it will begin at the first address 
of its "Class
C"-size subnet (x.x.x.0), and a 60% chance that it will start at a
completely random IP address with the last octet set to 0
([1-254].[0-253].[0-253].0).


So it does have a local preference like the later CR. This does
affect propagation speed, especially during the early phase.
Thanks for the update, I'll see that I include it.



Tom Vogt
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: