nanog mailing list archives

Re: Monumentous task of making a list of all DDoS Zombies.

From: Scott A Crosby <scrosby () cs rice edu>
Date: 09 Feb 2004 16:32:46 -0600


On Sun, 8 Feb 2004 18:12:46 +0100, Iljitsch van Beijnum <iljitsch () muada com> writes:

But how are you going to infect a million boxes if you can
only scan one address per second?


With a random scanning worm, the expected time could be as low as
about a day.

Assuming the random scanning model from the paper[1], I get:
    0 time: 1 infected host.
   11 hours to infect 1000 hosts.
   25 hours to infect 800k hosts
   31 hours to infect 996k hosts.

This model assumes one scan per second per infected host. It is
because if a million boxes are vulnerable, then one in 4096 IP
addresses should be vulnerable. A random scan would find one such
every 4096 seconds, implying a doubling time of about 70 minutes.

Scott

[1] http://www.icir.org/vern/papers/cdc-usenix-sec02/

Current thread:

Re: Monumentous task of making a list of all DDoS Zombies., (continued)
- - Re: Monumentous task of making a list of all DDoS Zombies. Marshall Eubanks (Feb 07)
  - Re: Monumentous task of making a list of all DDoS Zombies. Suresh Ramasubramanian (Feb 07)
    - RE: Monumentous task of making a list of all DDoS Zombies. Wayne Gustavus (nanog) (Feb 07)
    - Re: Monumentous task of making a list of all DDoS Zombies. Suresh Ramasubramanian (Feb 07)
    - Re: Monumentous task of making a list of all DDoS Zombies. Sean Donelan (Feb 07)
    - Re: Monumentous task of making a list of all DDoS Zombies. Suresh Ramasubramanian (Feb 07)
    - Re: Monumentous task of making a list of all DDoS Zombies. Iljitsch van Beijnum (Feb 08)
    - Re: Monumentous task of making a list of all DDoS Zombies. Suresh Ramasubramanian (Feb 08)
    - Re: Monumentous task of making a list of all DDoS Zombies. Iljitsch van Beijnum (Feb 08)
    - Re: Monumentous task of making a list of all DDoS Zombies. Suresh Ramasubramanian (Feb 08)
    - Re: Monumentous task of making a list of all DDoS Zombies. Scott A Crosby (Feb 09)
    - abusereporting (was Re: Monumentous task of making a list) Mikael Abrahamsson (Feb 08)
    - Re: abusereporting Suresh Ramasubramanian (Feb 08)
    - Re: abusereporting (was Re: Monumentous task of making a list) Steven M. Bellovin (Feb 08)
    - Re: Monumentous task of making a list of all DDoS Zombies. Guðbjörn Hreinsson (Feb 08)
    - Re: Monumentous task of making a list of all DDoS Zombies. Suresh Ramasubramanian (Feb 08)
    - Re: Monumentous task of making a list of all DDoS Zombies. Sean Donelan (Feb 08)
    - Re: Monumentous task of making a list of all DDoS Zombies. Suresh Ramasubramanian (Feb 08)
    - RE: Monumentous task of making a list of all DDoS Zombies. Steve Birnbaum (Feb 10)
    - Re: Monumentous task of making a list of all DDoS Zombies. Suresh Ramasubramanian (Feb 10)
    - Re: Monumentous task of making a list of all DDoS Zombies. E.B. Dreger (Feb 08)

(Thread continues...)