looking for Slammer infectee access link speeds

Deepak Jain deepak at ai.net
Sun May 2 15:23:51 UTC 2004


>> With colleagues I'm working on Internet-scale modeling of Slammer's
>> behavior. Its spreading dynamics significantly differed from those of
>> most worms, an effect we're pretty sure is related to the fact that
>> unlike most worms, an infected host's scanning often clogged the
>> host's access link.
> 
> 
> I think a more interesting aspect of this particular worm is that it 
> only takes a single packet to infect a vulnerable host. As far as I know 
> no other worm can do this. The effect is that even packets to broadcast 
> or multicast address have the potential to infect.
> 

I think this is really the most important point. Link speeds and such 
are not as significant, maximum packet rates probably are. The 
compromised servers didn't need to wait for confirmation of the packets 
they spit out, and since a high percentage of the packets between 
"normal" levels of traffic and "pipe speed" [until pipe speed was 
reached] you get a very high infection rate in moments.

Every other virus had to do a lot more talking, was a lot more 
dependent on reciprocal communication.

It might be interesting to model how many pps infected machines would 
have to spit out to infect 100% of the Internet in a certain amount of time.

Deepak Jain
AiNET
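
The pps question raised above can be worked through with a simple epidemic model. This is an added example, not part of the original post. It assumes uniform random scanning of the IPv4 space and single-probe infection, and the population, seed count, host rate and packet size are constructed values.

```python
import math

ADDRESS_SPACE = 2 ** 32  # IPv4 addresses a uniform random scanner draws from


def effective_pps(host_pps, link_bps, packet_bytes):
    """Probe rate one host sustains: its own send rate, capped by the access link."""
    return min(host_pps, link_bps / (8 * packet_bytes))


def _log_odds_gain(vulnerable, initially_infected, fraction):
    # Change in log-odds of infection between the seed state and the target.
    if not 0 < initially_infected < vulnerable:
        raise ValueError("need 0 < initially_infected < vulnerable")
    if not initially_infected / vulnerable < fraction < 1:
        raise ValueError("fraction must lie between the starting fraction and 1; "
                         "the model only approaches 100% asymptotically")
    start = initially_infected / vulnerable
    return math.log(fraction / (1 - fraction)) - math.log(start / (1 - start))


def time_to_fraction(pps, vulnerable, initially_infected, fraction):
    """Seconds until `fraction` of the vulnerable hosts are infected.

    Solves dI/dt = pps * I * (N - I) / ADDRESS_SPACE (logistic growth), where
    every probe that lands on a vulnerable host infects it.
    """
    growth_rate = pps * vulnerable / ADDRESS_SPACE  # early exponential rate, 1/s
    return _log_odds_gain(vulnerable, initially_infected, fraction) / growth_rate


def required_pps(seconds, vulnerable, initially_infected, fraction):
    """Per-host probe rate needed to reach `fraction` within `seconds`."""
    gain = _log_odds_gain(vulnerable, initially_infected, fraction)
    return gain * ADDRESS_SPACE / (vulnerable * seconds)


if __name__ == "__main__":
    N, I0 = 75_000, 1  # assumed population and seed count (not from the post)
    for label, link_bps in [("1 Mbit/s", 1e6), ("100 Mbit/s", 100e6)]:
        # host_pps and packet_bytes are constructed values for illustration
        pps = effective_pps(host_pps=30_000, link_bps=link_bps, packet_bytes=400)
        minutes = time_to_fraction(pps, N, I0, 0.99) / 60
        print(f"{label:>10}: {pps:8.0f} pps/host -> 99% in {minutes:7.1f} min")
    print(f"99% in 10 min needs {required_pps(600, N, I0, 0.99):.0f} pps/host")
```

In this model the time to saturation scales inversely with the per-host packet rate, and a 100% target is rejected because logistic growth only approaches it asymptotically.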



