I don't believe this should be considered like a bell curve. That famous curve is a histogram, showing displacement from a mean. A time graph is a totally different model. However, I suspect you're right: as the day progressed and admins came to realize what was going on, machines began to be shut down and (hopefully) patched. BTW, kudos to Stuart for a highly interesting analysis! On Fri, 20 Jul 2001, E. Larry Lidz wrote: > > Stuart Staniford writes: > >show a sudden dramatic increase in the probe rate earlier this morning > >(US time). This could be consistent with a new version which is > >spreading much more effectively (possibly because it seeds its random > >number better). I'm trying to fit this data. > > The numbers look, loosely, like a bell curve to me. I'm not a > statistician, but isn't this loosely what we'd expect to see? That as it > compromises more machines it spreads itself asymptotically? And then, > once it hits a certain threshold people take note and start shutting > down the machines doing the attacking? > > -Larry > > --- > E. Larry Lidz Phone: (773)702-2208 > Sr. Network Security Officer Fax: (773)702-0559 > Network Security Center, The University of Chicago > PGP: http://security.uchicago.edu/centerinfo/pgpkeys.shtml > > > ---------------------------------------------------------------------------- > > > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: > > http://aris.securityfocus.com > -- Kyle Maxwell kmaxwellat_private SuperPages.com Sys Admin ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Jul 20 2001 - 12:39:08 PDT