I thought the worm skipped 127.x.x.x and 224.x.x.x addresses? (From eEye's analysis)

Thanks
Ronald Tse

----- Original Message -----
From: "Jose Nazario" <joseat_private>
To: "Incidents SecurityFocus" <incidentsat_private>
Sent: Tuesday, July 24, 2001 3:31 AM
Subject: RE: CRv2 - Questions

> On Mon, 23 Jul 2001, The Death wrote:
>
> > You are right, i did not notice that the total number is covering the
> > entire possible 32-bit positions (therefore, all IPs). In any case,
> > this IS considered a PRNG, it is just that the seeding configurations
> > (using static seeds and not random seeds) break the security, and
> > bring it to a level of a simple, known, list.
>
> i intended to do this analysis of 'randb', the class b PRNG used in ramen
> and its cousins. never got around to it, happy to see that someone else
> has looked at CR's PRNG. (ie warn the networks which are most likely to
> show up as targets based on the output of the PRNG.)
>
> however, the fact that it hit *all* values of 2^32 suggests it probably,
> like ramen did, screwed with the multicast networks. ie the traffic storms
> were massive. any word from you mcast people on the fallout from CR?
>
> ____________________________
> jose nazario joseat_private
> PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
> PGP key ID 0xFD37F4E5 (pgp.mit.edu)
>
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Jul 24 2001 - 08:00:00 PDT