[42723] in North American Network Operators' Group

Question about Dynamic Graphs of the Nimda worm

daemon@ATHENA.MIT.EDU (Jeff Ogden)
Wed Sep 19 17:37:38 2001

Mime-Version: 1.0
Message-Id: <v0421010fb7cebddfdd50@[198.108.60.39]>
Date: Wed, 19 Sep 2001 17:31:15 -0400
To: nanog@merit.edu
From: Jeff Ogden <jogden@merit.edu>
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Errors-To: owner-nanog-outgoing@merit.edu


The Dynamic Graphs of the Nimda worm at

    http://www.caida.org/dynamic/analysis/security/nimda/

are interesting. To what degree do the graphs really tell us how many 
hosts are infected? Or do they just tell us how many infected hosts 
are observed every 15 minutes?  I guess what I am asking is, is the 
15-minute sample period causing the graph to underreport the total 
number of infected sites? How likely is it that the CAIDA monitor 
will be visited at least once every 15 minutes by an infected system? 
No matter what the answer to this question is, I do like the fact 
that the trend is down.

    -Jeff Ogden
     Merit