Security Incidents mailing list archives
Re: .ida Intrusion Attempt
From: Kyle R Maxwell <kmaxwell () superpages com>
Date: Fri, 20 Jul 2001 11:55:36 -0500 (CDT)
I don't believe this should be considered like a bell curve. That famous curve is a histogram, showing displacement from a mean. A time graph is a totally different model. However, I suspect you're right: as the day progressed and admins came to realize what was going on, machines began to be shut down and (hopefully) patched. BTW, kudos to Stuart for a highly interesting analysis! On Fri, 20 Jul 2001, E. Larry Lidz wrote:
Stuart Staniford writes:show a sudden dramatic increase in the probe rate earlier this morning (US time). This could be consistent with a new version which is spreading much more effectively (possibly because it seeds its random number better). I'm trying to fit this data.The numbers look, loosely, like a bell curve to me. I'm not a statistician, but isn't this loosely what we'd expect to see? That as it compromises more machines it spreads itself asymptotically? And then, once it hits a certain threshold people take note and start shutting down the machines doing the attacking? -Larry --- E. Larry Lidz Phone: (773)702-2208 Sr. Network Security Officer Fax: (773)702-0559 Network Security Center, The University of Chicago PGP: http://security.uchicago.edu/centerinfo/pgpkeys.shtml ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
-- Kyle Maxwell kmaxwell () superpages com SuperPages.com Sys Admin ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Re: .ida Intrusion Attempt, (continued)
- Re: .ida Intrusion Attempt bugtraq (Jul 19)
- RE: .ida Intrusion Attempt Colby Rice (Jul 19)
- RE: .ida Intrusion Attempt Tim Winders (Jul 19)
- .ida Intrusion Attempt Joe Smith (Jul 19)
- Re: .ida Intrusion Attempt Martin Roesch (Jul 19)
- Re: .ida Intrusion Attempt Joe Smith (Jul 19)
- Re: .ida Intrusion Attempt Martin Roesch (Jul 19)
- RE: .ida Intrusion Attempt Ulrich Keil (Jul 19)
- Re: .ida Intrusion Attempt Russell Fulton (Jul 19)
- Re: .ida Intrusion Attempt Stuart Staniford (Jul 19)
- Re: .ida Intrusion Attempt E. Larry Lidz (Jul 20)
- Re: .ida Intrusion Attempt Kyle R Maxwell (Jul 20)
- Re: .ida Intrusion Attempt Stuart Staniford (Jul 19)