[40113] in North American Network Operators' Group


Re: Code Red growth stats

daemon@ATHENA.MIT.EDU (k claffy)
Wed Aug 1 22:07:10 2001

Date: Wed, 1 Aug 2001 19:06:27 -0700
From: k claffy <kc@ipn.caida.org>
To: "Steven M. Bellovin" <smb@research.att.com>
Cc: nanog@nanog.org
Message-ID: <20010801190627.A7553@caida.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20010801203622.C27D97B59@berkshire.research.att.com>; from smb@research.att.com on Wed, Aug 01, 2001 at 04:36:22PM -0400
Errors-To: owner-nanog-outgoing@merit.edu


> While they don't say, the "number of infected hosts" graph makes me
> assume that they're counting unique IP addresses that tried to hit them.
>
> As I said, my numbers are consistent with others posted here.  And I've
> gotten private mail about another, similar observation -- Code Red,
> Round 2, appears to have peaked a few hours ago.
>
> 		--Steve Bellovin, http://www.research.att.com/~smb

hmm, not sure about that, smb.

albeit crippled caida monitor (we're working on it),
it does seem to have reversed slope again:
http://www.caida.org/analysis/security/code-red/aug1-live-hosts.gif

bunch of fascinating comparative data too,
like the number of internal addresses that
were infected during each attack:

        Code-Red infected hosts with reserved IP addresses (attack 1)

        10.0.0.0/8:     203     172.16.0.0/12   70      192.168.0.0/16  177

        Code-Red infected hosts with reserved IP addresses (attack 2)

        10.0.0.0/8:     0       172.16.0.0/12   6       192.168.0.0/16  0


(nevermind that we shouldn't see such addresses
in the first place, we all know that's a myth --
but whoever is using them either fixed their
nat configs this time or patched..)


about .5GB/hour of data, we gonna be outta disk by morning,
wow, we've hit every measurement snag possible today,
elves are all beyond exhausted...

per-AS stats still processing,
haven't started a geographic analysis of this attack yet
(we'd like to see which states/countries had highest patch rate, 
not that geography matters in the least, 
that much has been demonstrated....)

k
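
Added example, not part of the original message and not CAIDA's code: one way to produce a per-attack tally like the one above, counting unique source addresses that fall inside the three reserved blocks. The input format ("<attack label> <source IP>") and the sample records are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# The three reserved (RFC 1918) blocks tallied in the message above.
RESERVED = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample observations, one per probe: "<attack label> <source IP>".
# This format is an assumption, not the monitor's real output.
SAMPLE = """\
attack1 10.1.2.3
attack1 10.1.2.3
attack1 172.16.9.9
attack1 172.32.0.1
attack1 192.168.1.10
attack1 198.51.100.7
attack2 172.31.255.254
attack2 172.31.255.254
attack2 203.0.113.5
attack2 not-an-ip
"""

def reserved_block(addr):
    """Return the reserved block containing addr, or None if it is outside all three."""
    for net in RESERVED:
        if addr in net:
            return net
    return None

def count_reserved_hosts(lines):
    """Count unique source addresses per reserved block, per attack label."""
    seen = defaultdict(set)           # (attack, block) -> set of unique hosts
    for line in lines:
        parts = line.split()
        if len(parts) != 2:
            continue                  # skip blank or short records
        attack, raw = parts
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:
            continue                  # skip malformed addresses
        net = reserved_block(addr)
        if net is not None:
            seen[(attack, str(net))].add(addr)   # set membership dedupes repeat probes
    return {key: len(hosts) for key, hosts in seen.items()}

if __name__ == "__main__":
    for (attack, block), n in sorted(count_reserved_hosts(SAMPLE.splitlines()).items()):
        print(f"{attack} {block:<16} {n}")
```

Note that 172.32.0.1 is not counted: the /12 ends at 172.31.255.255, a boundary that string-prefix matching on "172." gets wrong.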
