On Sat, 1 Feb 2003, Roland Postle wrote: :It might seem frightening that sapphire reached 90% infection in 10 :minutes, but this is a feature of it's aggressive conectionless :scanning with single packets, and the small address space the internet :has, not it's particular scanning strategy. For a good discussion of :(much) more effective strategies read, : :"How to 0wn the Internet in Your Spare Time" :http://www.icir.org/vern/papers/cdc-usenix-sec02/index.html
The really interesting part of this paper is their use of the "logistic equation" to describe the spread of the various worms. They use: da/dt = Ka(1-a) I guess my question fundamentally would be; could this logistic equation be effectively used to describe the propagation of patch information from CERT, the ISA, etc, vs the propagation of patch information from Bugtraq/Fd etc..? So, can: da/dt = Ka(1-a) be used to describe the propagation of patch information, and what would the implications of it be? Where K is the rate of information spread (based on number of subscriptions to public lists vs. consortiums) 'a' being the proportion of subscribers informed, 't' is hours, and 'd' seems to be iteration? I am speaking way out of my depth, but my question is based upon the intuition and experience that informs my opinions on how vulnerability information should be distributed. Is there another more appropriate formula that describes this problem? Cheers, -- batz _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
