[40096] in North American Network Operators' Group
RE: Code Red growth stats
daemon@ATHENA.MIT.EDU (Joe Blanchard)
Wed Aug 1 16:44:28 2001
Message-ID: <E9BBE0941932D511934C0002A52CDB4E2D07B8@sj-exchange.wyse.com>
From: Joe Blanchard <jblanchard@wyse.com>
To: nanog@nanog.org
Date: Wed, 1 Aug 2001 13:38:59 -0700
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----_=_NextPart_001_01C11AC9.FDF9CDC0"
Errors-To: owner-nanog-outgoing@merit.edu
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
------_=_NextPart_001_01C11AC9.FDF9CDC0
Content-Type: text/plain
Not sure. I do know that I have been informing the EDUs that seem to have
multiple nodes infected and actually am getting a response from them that
they are being fixed.
Don't know.
-Joe
> ----------
> From: Stephen J. Wilcox[SMTP:steve@opaltelecom.co.uk]
> Sent: Wednesday, August 01, 2001 1:28 PM
> To: Steven M. Bellovin
> Cc: k claffy; nanog@nanog.org
> Subject: Re: Code Red growth stats
>
>
> On Wed, 1 Aug 2001, Steven M. Bellovin wrote:
>
> > I ran a little script on the totals reported by www.incidents.org,
> > calculating the ratio between successive samples. (The latest graph I
> > could find, as of 1615 EDT, ended at 1400 EDT.) There was a period of
> > steady exponential growth in there, but it seems to be tailing off.
> > That's consistent with another report posted here.
>
> Does anyone have any theories as to why its tailing, are the thousands of
> vulnerable machines being patched all of a sudden? If not then why is
> traffic decreasing so fast when the worm just keeps searching?
>
> Steve
>
>
>
------_=_NextPart_001_01C11AC9.FDF9CDC0
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3DUS-ASCII">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
5.5.2653.12">
<TITLE>RE: Code Red growth stats </TITLE>
</HEAD>
<BODY>
<P><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial">Not sure. I do know =
that I have been informing the EDUs that seem to have multiple nodes =
infected and actually am getting a response from them that they are =
being fixed.</FONT></P>
<P><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial">Don't know. </FONT>
</P>
<P><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial">-Joe</FONT>
</P>
<UL>
<P><FONT SIZE=3D2 FACE=3D"MS Sans Serif">----------</FONT>
<BR><B><FONT SIZE=3D2 FACE=3D"MS Sans Serif">From:</FONT></B> =
<FONT SIZE=3D2 FACE=3D"MS Sans Serif">Stephen J. =
Wilcox[SMTP:steve@opaltelecom.co.uk]</FONT>
<BR><B><FONT SIZE=3D2 FACE=3D"MS Sans Serif">Sent:</FONT></B> =
<FONT SIZE=3D2 FACE=3D"MS Sans Serif">Wednesday, August 01, 2001 1:28 =
PM</FONT>
<BR><B><FONT SIZE=3D2 FACE=3D"MS Sans Serif">To:</FONT></B> =
<FONT SIZE=3D2 FACE=3D"MS Sans Serif">Steven M. =
Bellovin</FONT>
<BR><B><FONT SIZE=3D2 FACE=3D"MS Sans Serif">Cc:</FONT></B> =
<FONT SIZE=3D2 FACE=3D"MS Sans Serif">k claffy; =
nanog@nanog.org</FONT>
<BR><B><FONT SIZE=3D2 FACE=3D"MS Sans Serif">Subject:</FONT></B> =
<FONT SIZE=3D2 FACE=3D"MS Sans =
Serif">Re: Code Red growth stats </FONT>
</P>
<BR>
<P><FONT SIZE=3D2 FACE=3D"Arial">On Wed, 1 Aug 2001, Steven M. Bellovin =
wrote:</FONT>
</P>
<P><FONT SIZE=3D2 FACE=3D"Arial">> I ran a little script on the =
totals reported by www.incidents.org, </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">> calculating the ratio between =
successive samples. (The latest graph I </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">> could find, as of 1615 EDT, =
ended at 1400 EDT.) There was a period of </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">> steady exponential growth in =
there, but it seems to be tailing off. </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">> That's consistent with another =
report posted here.</FONT>
</P>
<P><FONT SIZE=3D2 FACE=3D"Arial">Does anyone have any theories as to =
why its tailing, are the thousands of</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">vulnerable machines being patched all =
of a sudden? If not then why is</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">traffic decreasing so fast when the =
worm just keeps searching?</FONT>
</P>
<P><FONT SIZE=3D2 FACE=3D"Arial">Steve</FONT>
</P>
<BR>
<BR>
</UL>
</BODY>
</HTML>
------_=_NextPart_001_01C11AC9.FDF9CDC0--
