Re: .ida Intrusion Attempt

From: Kyle R Maxwell (kmaxwellat_private)
Date: Fri Jul 20 2001 - 09:55:36 PDT


    I don't believe this should be considered like a bell curve. That famous
    curve is a histogram, showing displacement from a mean. A time graph is
    a totally different model.
    
    However, I suspect you're right: as the day progressed and admins came
    to realize what was going on, machines began to be shut down and
    (hopefully) patched.
    
    BTW, kudos to Stuart for a highly interesting analysis!
    
    On Fri, 20 Jul 2001, E. Larry Lidz wrote:
    
    > 
    > Stuart Staniford writes:
    > >show a sudden dramatic increase in the probe rate earlier this morning
    > >(US time).  This could be consistent with a new version which is
    > >spreading much more effectively (possibly because it seeds its random
    > >number better).  I'm trying to fit this data.
    > 
    > The numbers look, loosely, like a bell curve to me. I'm not a
    > statistician, but isn't this loosely what we'd expect to see? That as it
    > compromises more machines it spreads itself asymptotically? And then,
    > once it hits a certain threshold people take note and start shutting
    > down the machines doing the attacking?
    > 
    > -Larry
    > 
    > ---
    > E. Larry Lidz                                        Phone: (773)702-2208
    > Sr. Network Security Officer                         Fax:   (773)702-0559
    > Network Security Center, The University of Chicago
    > PGP: http://security.uchicago.edu/centerinfo/pgpkeys.shtml
    > 
    > 
    > ----------------------------------------------------------------------------
    > 
    > 
    > This list is provided by the SecurityFocus ARIS analyzer service.
    > For more information on this free incident handling, management 
    > and tracking system please see:
    > 
    > http://aris.securityfocus.com
    > 
    
    -- 
    Kyle Maxwell
    kmaxwellat_private
    SuperPages.com Sys Admin
    
    
    
    
    
    



    This archive was generated by hypermail 2b30 : Fri Jul 20 2001 - 12:39:08 PDT