Code Red growth stats
k claffy
kc at ipn.caida.org
Thu Aug 2 02:06:27 UTC 2001
>
While they don't say, the "number of infected hosts" graph makes me
assume that they're counting unique IP addresses that tried to hit them.
As I said, my numbers are consistent with others posted here. And I've
gotten private mail about another, similar observation -- Code Red,
Round 2, appears to have peaked a few hours ago.
--Steve Bellovin, http://www.research.att.com/~smb
hmm, not sure about that, smb.
albeit crippled caida monitor (we're working on it),
it does seem to have reversed slope again:
http://www.caida.org/analysis/security/code-red/aug1-live-hosts.gif
bunch of fascinating comparative data too,
like the number of internal addresses that
were infected during each attaack:
Code-Red infected hosts with reserved IP addresses (attack 1)
10.0.0.0/8: 203 172.16.0.0/12 70 192.168.0.0/16 177
Code-Red infected hosts with reserved IP addresses (attack 2)
10.0.0.0/8: 0 172.16.0.0/12 6 192.168.0.0/16 0
(nevermind that we shouldn't see such addresses
in the first place, we all know that's a myth --
but whoever is using them either fixed their
nat configs this time or patched..)
about .5GB/hour of data, we gonna be outta disk by morning,
wow, we've hit every measurement snag possible today,
elves are all beyond exhausted...
per-AS stats still processing,
haven't started a geographic analysis of this attack yet
(we'd like to see which states/countries had highest patch rate,
not that geography matters in the least,
that much has been demonstrated....)
k
More information about the NANOG
mailing list