Re: Re(2): 'Code Red' does not seem to be scanning for IIS

From: Phillip Reed (PReedat_private)
Date: Fri Jul 20 2001 - 06:22:24 PDT


    Looking at the infected population chart as published on C|Net, I have to
    say that the dramatic increase looks exactly like the classical "knee" in an
    exponential growth curve. In fact, the entire curve looks like a standard
    infection "population vs. time" graph, with the upper end fall-off due to
    the saturation of the available uninfected population. No nefarious
    modifications are needed here to explain the sudden surge.
    
    For entertainment value, try creating a chart (I used Excel), plotting
    y=x^9. Then look at the curve. The knee starts around x=20 or 21, and the
    value takes off from there. No modifications needed.
    
    
    >I can correlate what Kelly reports -- *something* happened between 14-1500 GMT
    >today to drastically increase the number of 'code red' scans/infections. I've
    >been tracking them since Saturday on my IDS. Our class-b address space appears
    >to be high up on the worm's scanning pattern. For all of 7/18 I recorded probes
    >from 8247 unique host IP addresses, presumably compromised with 'code red'.
    >Just during the 1900GMT hour today - one hour of logs - I recorded 'code red'
    >hits from 115124 different IP addresses. All of these probes are bouncing off
    >our firewall. The drastic increase in infections/probes began between 1300-
    >1400 GMT today and *seemed* to start leveling off around 1600-1700 GMT.
    --
    
    Phillip C. Reed
    Network Administration - Cincinnati
    
    Eviciti
    1148 Main St., 4th floor
    Cincinnati, OH 45210
    (513) 929-0785 x218
    http://www.eviciti.com
    mailto:preedat_private
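
The "population vs. time" curve discussed in this message can be reproduced with a constant-rate model, shown here as an added example that is not part of the original post. It assumes a worm that probes uniformly random IPv4 addresses; the vulnerable population (300,000) and scan rate (20,000 probes per host per hour) are constructed values, not measurements of 'Code Red'.

```python
import math

ADDRESS_SPACE = 2 ** 32  # IPv4 addresses a random-scanning worm picks from

def simulate(vulnerable, scans_per_hour, hours, seed_infected=1):
    """Expected-value model: the worm's behaviour never changes over time.

    An uninfected vulnerable host escapes every probe sent in one hour with
    probability (1 - 1/ADDRESS_SPACE) ** (scans_per_hour * infected).
    Returns the infected count at hour 0, 1, ..., hours.
    """
    infected = float(seed_infected)
    history = [infected]
    for _ in range(hours):
        probes = scans_per_hour * infected
        # 1 - (1 - 1/A)**probes, computed stably for tiny 1/A
        p_hit = -math.expm1(probes * math.log1p(-1.0 / ADDRESS_SPACE))
        infected += (vulnerable - infected) * p_hit
        history.append(infected)
    return history

def hourly_growth(history):
    """Ratio of each hour's infected count to the previous hour's."""
    return [b / a for a, b in zip(history, history[1:])]

def steepest_hour(history):
    """Hour with the largest absolute jump, i.e. the visible surge."""
    deltas = [b - a for a, b in zip(history, history[1:])]
    return deltas.index(max(deltas)) + 1

if __name__ == "__main__":
    # Constructed parameters (assumptions, see the lead-in).
    hist = simulate(vulnerable=300_000, scans_per_hour=20_000, hours=30)
    growth = hourly_growth(hist)
    for hour, count in enumerate(hist):
        ratio = growth[hour - 1] if hour else float("nan")
        print(f"hour {hour:2d}  infected {count:10.0f}  x{ratio:.2f}")
    print("steepest hour:", steepest_hour(hist))
```

The per-hour multiplier is nearly constant while the infected count is small, so the counts look flat on a linear chart for hours and then surge; the multiplier falls toward 1 only as the uninfected vulnerable hosts run out.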
    



    This archive was generated by hypermail 2b30 : Fri Jul 20 2001 - 07:54:16 PDT