Re: CRv2 - Questions

From: Ronald Tse (ronaldat_private)
Date: Mon Jul 23 2001 - 21:31:06 PDT

  • Next message: Phil Sorber: "Re: GET x HTTP/1.0"

    I thought the worm skipped 127.x.x.x and 224.x.x.x addresses?
    (From eEye's analysis)
    
    Thanks
    Ronald Tse
    
    ----- Original Message -----
    From: "Jose Nazario" <joseat_private>
    To: "Incidents SecurityFocus" <incidentsat_private>
    Sent: Tuesday, July 24, 2001 3:31 AM
    Subject: RE: CRv2 - Questions
    
    
    > On Mon, 23 Jul 2001, The Death wrote:
    >
    > > You are right, i did not notice that the total number is covering the
    > > entire possible 32-bit positions (therefore, all IPs). In any case,
    > > this IS considered a PRNG, it is just that the seeding configurations
    > > (using static seeds and not random seeds) break the security, and
    > > bring it to a level of a simple, known, list.
    >
    > i intended to do this analysis of 'randb', the class b PRNG used in ramen
    > and its cousins. never got around to it, happy to see that someone else
    > has looked at CR's PRNG. (ie warn the networks which are most likely to
    > show up as targets based on the output of the PRNG.)
    >
    > however, the fact that it hit *all* values of 2^32 suggests it probably,
    > like ramen did, screwed with the multicast networks. ie the traffic storms
    > were massive. any word from you mcast people on the fallout from CR?
    >
    > ____________________________
    > jose nazario      joseat_private
    >            PGP: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
    >        PGP key ID 0xFD37F4E5 (pgp.mit.edu)
    >
    >
    > --------------------------------------------------------------------------
    --
    > This list is provided by the SecurityFocus ARIS analyzer service.
    > For more information on this free incident handling, management
    > and tracking system please see: http://aris.securityfocus.com
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Tue Jul 24 2001 - 08:00:00 PDT