On Fri, 31 Jan 2003 22:58:29 -0500 (EST), batz wrote:
> This seems important because it shows that a high rate
> of saturation can be achieved among network nodes as
> effectively (if not more so) using random distribution, as by
> using a structured or hierarchical distribution strategy.

It might seem frightening that Sapphire reached 90% infection in 10 minutes, but this is a feature of its aggressive connectionless scanning with single packets, and the small address space the Internet has, not its particular scanning strategy.

For a good discussion of (much) more effective strategies, read "How to 0wn the Internet in Your Spare Time":
http://www.icir.org/vern/papers/cdc-usenix-sec02/index.html

Excerpt:

"We discuss techniques subsequently employed for achieving greater virulence by Code Red II and Nimda. In this context, we develop and evaluate several new, highly virulent possible techniques: hit-list scanning (which creates a Warhol worm), permutation scanning (which enables self-coordinating scanning), and use of Internet-sized hit-lists (which creates a flash worm)."

- Blazde

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
