Re: .ida Intrusion Attempt

From: E. Larry Lidz (ellidzat_private)
Date: Fri Jul 20 2001 - 06:53:36 PDT

  • Next message: Colby Rice: "'Code Red' list."

    Stuart Staniford writes:
    >show a sudden dramatic increase in the probe rate earlier this morning
    >(US time).  This could be consistent with a new version which is
    >spreading much more effectively (possibly because it seeds its random
    >number better).  I'm trying to fit this data.
    
    The numbers look, loosely, like a bell curve to me. I'm not a
    statistician, but isn't this loosely what we'd expect to see? That as it
    compromises more machines it spreads itself asymptotically? And then,
    once it hits a certain threshold people take note and start shutting
    down the machines doing the attacking?
    
    -Larry
    
    ---
    E. Larry Lidz                                        Phone: (773)702-2208
    Sr. Network Security Officer                         Fax:   (773)702-0559
    Network Security Center, The University of Chicago
    PGP: http://security.uchicago.edu/centerinfo/pgpkeys.shtml
    
    
    ----------------------------------------------------------------------------
    
    
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see:
    
    http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Fri Jul 20 2001 - 09:51:30 PDT