Full Disclosure mailing list archives
Re: interesting?
From: "Roland Postle" <mail () blazde co uk>
Date: Sat, 01 Feb 2003 13:39:58 +0000
On Fri, 31 Jan 2003 22:58:29 -0500 (EST), batz wrote:
This seems important is because it shows that a high rate of saturation can be achieved among network nodes as effectively (if not more so) using random distribution, as by using a structured or hierarchical distribution strategy.
It might seem frightening that sapphire reached 90% infection in 10 minutes, but this is a feature of it's aggressive conectionless scanning with single packets, and the small address space the internet has, not it's particular scanning strategy. For a good discussion of (much) more effective strategies read, "How to 0wn the Internet in Your Spare Time" http://www.icir.org/vern/papers/cdc-usenix-sec02/index.html excerpt: "We discuss techniques subsequently employed for achieving greater virulence by Code Red II and Nimda. In this context, we develop and evaluate several new, highly virulent possible techniques: hit-list scanning (which creates a Warhol worm), permutation scanning (which enables self-coordinating scanning), and use of Internet-sized hit-lists (which creates a flash worm). " - Blazde _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- interesting? batz (Jan 31)
- Re: interesting? Berend-Jan Wever (Feb 01)
- Re: interesting? Ka (Feb 01)
- Re: interesting? Simon Richter (Feb 01)
- Re: interesting? Simon Marechal (Feb 01)
- Re: interesting? Simon Richter (Feb 01)
- Re: interesting? Simon Marechal (Feb 01)
- Re: interesting? Roland Postle (Feb 01)
- Re: interesting? Geoincidents (Feb 01)
- Re: interesting? Simon Marechal (Feb 01)
- Re: interesting? Berend-Jan Wever (Feb 01)
- Re: interesting? batz (Feb 01)
- Re: interesting? Gregory Steuck (Feb 01)
- Re: interesting? batz (Feb 01)
- Re: interesting? Bruce Ediger (Feb 01)