At 08:51 PM 8/6/2001, Andy Berkheimer wrote: > >On Mon, 6 Aug 2001, corecode wrote: > > > >> it could generate the same ip address again in it's PRNG but the chance > >> this happening is near 0. > > > >You're saying that the chance it will try a duplicate IP again later is 0? > >Not quite 0... > > > >My logs also bear out that dupes are common. ok. thank you for all the emails :) generating the same ip address is of course probable - more probable than with code red. but i was talking about infection attempts following right after each other. this should still be most unlikely. i don't know how one can explain these mass dupes, perhaps a proxy trying to establish a connection, or a NAT'ed network behind? cheerz corecode ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Aug 07 2001 - 09:18:43 PDT