Full Disclosure mailing list archives

Re: interesting?

From: "Roland Postle" <mail () blazde co uk>
Date: Sat, 01 Feb 2003 13:39:58 +0000

On Fri, 31 Jan 2003 22:58:29 -0500 (EST), batz wrote:

This seems important is because it shows that a high rate
of saturation can be achieved among network nodes as
effectively (if not more so) using random distribution, as by 
using a structured or hierarchical distribution strategy.


It might seem frightening that sapphire reached 90% infection in 10
minutes, but this is a feature of it's aggressive conectionless
scanning with single packets, and the small address space the internet
has, not it's particular scanning strategy. For a good discussion of
(much) more effective strategies read,

"How to 0wn the Internet in Your Spare Time"
http://www.icir.org/vern/papers/cdc-usenix-sec02/index.html

excerpt: "We discuss techniques subsequently employed for achieving
greater virulence by Code Red II and Nimda. In this context, we develop
and evaluate several new, highly virulent possible techniques: hit-list
scanning (which creates a Warhol worm), permutation scanning (which
enables self-coordinating scanning), and use of Internet-sized
hit-lists (which creates a flash worm). "

- Blazde

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

interesting? batz (Jan 31)
- Re: interesting? Berend-Jan Wever (Feb 01)
  - Re: interesting? Ka (Feb 01)
- Re: interesting? Simon Richter (Feb 01)
  - Re: interesting? Simon Marechal (Feb 01)
    - Re: interesting? Simon Richter (Feb 01)
    - Re: interesting? Simon Marechal (Feb 01)
    - Re: interesting? Roland Postle (Feb 01)
    - Re: interesting? Geoincidents (Feb 01)
- Re: interesting? Roland Postle (Feb 01)
  - Re: interesting? batz (Feb 01)
    - Re: interesting? Gregory Steuck (Feb 01)
    - Re: interesting? batz (Feb 01)
    - Re: interesting? Bruce Ediger (Feb 01)
- Re: interesting? Blue Boar (Feb 01)