[40095] in North American Network Operators' Group
Re: Code Red growth stats (fwd)
daemon@ATHENA.MIT.EDU (Larry Sheldon)
Wed Aug 1 16:41:13 2001
From: Larry Sheldon <lsheldon@creighton.edu>
Message-Id: <200108012038.PAA22319@bluejay.creighton.edu>
To: nanog@nanog.org
Date: Wed, 01 Aug 2001 15:38:33 CDT
Errors-To: owner-nanog-outgoing@merit.edu
> On Wed, 1 Aug 2001, Steven M. Bellovin wrote:
>
> > I ran a little script on the totals reported by www.incidents.org,
> > calculating the ratio between successive samples. (The latest graph I
> > could find, as of 1615 EDT, ended at 1400 EDT.) There was a period of
> > steady exponential growth in there, but it seems to be tailing off.
> > That's consistent with another report posted here.
>
> Does anyone have any theories as to why its tailing, are the thousands of
> vulnerable machines being patched all of a sudden? If not then why is
> traffic decreasing so fast when the worm just keeps searching?
A couple of conjectures....
What is the correllation between infection rate and population-where-it-is-
still-daylight? (Its middle of the night in Europe, no?)
What is the likelyhood that people who din't know they were running IIS
have turned it off.
How about nets blocking port 80?
