Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Security Incidents: Re: Code Red, anyone?

Re: Code Red, anyone?

From: Seth Arnold <sarnold_at_wirex.com>
Date: Wed, 1 Aug 2001 09:32:46 -0700

On Wed, Aug 01, 2001 at 04:41:01PM +0200, Jürgen Nieveler wrote:
> But if the number of hosts at the start is higher, the speed of infections
> will be higher, as there are more simultaneous attempts to find targets.

Not really.

Assume the doubling rate is every hour.

Assume Code Red Outbreak 1 started with one compromised host.
Assume Code Red Outbreak 2 started with 1024 compromised hosts.

Code Red Outbreak 1 will be only ten hours behind Code Red Outbreak 2,
even on the 19th of the month.

Change the assumptions and the results will change as well. The most
flawed assumption here is probably the doubling rate -- as a result of
patches being applied from the first round, I would guess a longer
doubling rate for the second round.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
Received on Aug 01 2001

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos