Monumentous task of making a list of all DDoS Zombies.

• Previous message (by thread): Monumentous task of making a list of all DDoS Zombies.
• Next message (by thread): abusereporting (was Re: Monumentous task of making a list)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, 8 Feb 2004 18:12:46 +0100, Iljitsch van Beijnum <iljitsch at muada.com> writes:

> But how are you going to infect a million boxes if you can
> only scan one address per second?

With a random scanning worm, the expected time could be as low as
about a day.

Assuming the random scanning model from the paper[1], I get:
    0 time: 1 infected host.
   11 hours to infect 1000 hosts.
   25 hours to infect 800k hosts
   31 hours to infect 996k hosts.

This model assumes one scan per second per infected host. It is
because if a million boxes are vulnerable, then one in 4096 IP
addresses should be vulnerable. A random scan would find one such
every 4096 seconds, implying a doubling time of about 70 minutes.

Scott

[1] http://www.icir.org/vern/papers/cdc-usenix-sec02/

• Previous message (by thread): Monumentous task of making a list of all DDoS Zombies.
• Next message (by thread): abusereporting (was Re: Monumentous task of making a list)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]