Full Disclosure mailing list archives
RE: AT&T early warning system
From: "Bruce Ediger" <eballen1 () qwest net>
Date: Sat, 18 Oct 2003 21:28:11 -0600 (MDT)
On Sat, 18 Oct 2003, S G Masood wrote:
IMHO, testing on a private network is always preferable for highly accurate predictions.
My guess is that the msblast worm's author did do testing on a private network. I wrote a simulation of msblast that placed susceptible hosts in "bands" in a 16-bit address space. (http://www.users.qwest.net/~eballen1/nws/, section "msblast - effect of banded address space") msblast-style sequential probing does pretty well in a smaller address space that has victim hosts in blocks. That style of probing does poorly against victim hosts placed at random addresses, even in small address spaces. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- AT&T early warning system jkm (Oct 17)
- Re: AT&T early warning system Jay Sulzberger (Oct 17)
- Re: AT&T early warning system jkm (Oct 17)
- Re: AT&T early warning system Hoho (Oct 18)
- Re: AT&T early warning system S G Masood (Oct 18)
- Re: AT&T early warning system jkm (Oct 19)
- RE: AT&T early warning system Steve Wray (Oct 18)
- RE: AT&T early warning system S G Masood (Oct 18)
- Re: AT&T early warning system Sascha Teifke (Oct 18)
- RE: AT&T early warning system Bruce Ediger (Oct 18)
- Re: AT&T early warning system S G Masood (Oct 18)
- Re: AT&T early warning system jkm (Oct 19)
- RE: AT&T early warning system Steve Wray (Oct 19)
- Re: AT&T early warning system Jimmy Alderson (Oct 22)
- Re: AT&T early warning system Jay Sulzberger (Oct 17)