Re: .ida Intrusion Attempt

[Kyle R Maxwell <kmaxwell () superpages com>]

I don't believe this should be considered like a bell curve. That famous
curve is a histogram, showing displacement from a mean. A time graph is
a totally different model.

However, I suspect you're right: as the day progressed and admins came
to realize what was going on, machines began to be shut down and
(hopefully) patched.

BTW, kudos to Stuart for a highly interesting analysis!

On Fri, 20 Jul 2001, E. Larry Lidz wrote:

> Stuart Staniford writes:
> > show a sudden dramatic increase in the probe rate earlier this morning
> > (US time).  This could be consistent with a new version which is
> > spreading much more effectively (possibly because it seeds its random
> > number better).  I'm trying to fit this data.
>
> The numbers look, loosely, like a bell curve to me. I'm not a
> statistician, but isn't this loosely what we'd expect to see? That as it
> compromises more machines it spreads itself asymptotically? And then,
> once it hits a certain threshold people take note and start shutting
> down the machines doing the attacking?
>
> -Larry
>
> ---
> E. Larry Lidz                                        Phone: (773)702-2208
> Sr. Network Security Officer                         Fax:   (773)702-0559
> Network Security Center, The University of Chicago
> PGP: http://security.uchicago.edu/centerinfo/pgpkeys.shtml
>
>
> ----------------------------------------------------------------------------
>
>
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management 
> and tracking system please see:
>
> http://aris.securityfocus.com

-- 
Kyle Maxwell
kmaxwell () superpages com
SuperPages.com Sys Admin





----------------------------------------------------------------------------


This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see:

http://aris.securityfocus.com