Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CRv2 multiple scans from same source IP

From: Valdis.Kletnieks () vt edu
Date: Sun, 05 Aug 2001 23:23:00 -0400
On Sun, 05 Aug 2001 20:39:14 EDT, John Davidson <jwd_ods () hotmail com>  said:


The IP is outside my Class A address space. From the analysis of CRv2
published at www.eeye.com this should not be possible, or at least the
likelihood of such an occurence is much greater than winning a very big
lottery... I should maybe buy a ticket! ;-).


The odds of winning a large lottery are usually on the order of 1 per million.

A million tickets sold is a *lot*.  A million probes is *nothing*.  Figure out
how many scans/second 10,000 hosts with CodeRedII (which has 300-600 non-blocking
threads) will produce...

At that rate, you dont NEED a very high chance of popping into a new /8 or /16. ;)
-- 
                                Valdis Kletnieks
                                Operating Systems Analyst
                                Virginia Tech

Attachment: _bin
Description:

Previous By Date Next
Previous By Thread Next

Current thread: