Full Disclosure mailing list archives
Re: interesting?
From: Ka <ka () khidr net>
Date: Sat, 1 Feb 2003 16:30:43 +0100
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At Samstag, 1. Februar 2003 10:54 Berend-Jan Wever wrote:
The way I see it, it's randomness seems to have hampered it.
A infection with an ideal randomness starts with the same infection rate as an ideal distributed infection. But it's infection rate per host then declines while more hosts are allready infected (cause the random methods will tend to re-scan allready scanned hosts and try to re-infect allready infected ones). When 50% of the infectable population has been reached, the rate has allready dropped to half the initial value. The ideal (coordinated distributed) infection keeps it's initial infection rate (per infected and thus participating) host constant. Roughly one could say a ideal coordinated infection has reached 100% of all hosts within the time the random method needs to infected 50% of the infectable population. With very fast scans and a high number of infectable host (as was the case with the Sapphire worm), pseudo random scan were enough to distribute. But this scan method also accounted for it's high network impact and "visibility". With slower scans and a lesser number of possible targets (as in the case of slapper) the random scan was just too slow to get much impact. Had slapper used a coordinated distributed scanning method (e.g. using it's p2p network for scan-coordination) it would certainly have compared "favourably" to sapphire. I predict this 2 worms are just harmless compared to the ones to come during the next years. Or have we allready overlooked the more intelligent species? Ka - -- Want hear Ancient Music In The Pines? Must find remote. Must change channel. http://www.khidr.net/users/ka/pgpkey.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE+O+gj72vu22ltWBERAqFIAJ9/C5s/1w9rDiKjR0lJFwLEwPUj7ACdFbxj qfhAMyxEtgyj2y4AsYHb/j4= =iA7L -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- interesting? batz (Jan 31)
- Re: interesting? Berend-Jan Wever (Feb 01)
- Re: interesting? Ka (Feb 01)
- Re: interesting? Simon Richter (Feb 01)
- Re: interesting? Simon Marechal (Feb 01)
- Re: interesting? Simon Richter (Feb 01)
- Re: interesting? Simon Marechal (Feb 01)
- Re: interesting? Roland Postle (Feb 01)
- Re: interesting? Geoincidents (Feb 01)
- Re: interesting? Simon Marechal (Feb 01)
- Re: interesting? Berend-Jan Wever (Feb 01)
- Re: interesting? batz (Feb 01)
- Re: interesting? Gregory Steuck (Feb 01)
- Re: interesting? batz (Feb 01)