From: k claffy (no email)
Date: Thu Aug 02 2001 - 00:37:33 EDT
On Wed, Aug 01, 2001 at 10:35:46PM -0400, Steven M. Bellovin wrote:
In message <>, k claffy writes:
>albeit crippled caida monitor (we're working on it),
>it does seem to have reversed slope again:
>http://www.caida.org/analysis/security/code-red/aug1-live-hosts.gif
Fascinating; thanks. SANS hasn't updated their plots lately, so I
can't compare. Anyone else with any data to post? (On the other hand
-- any chance that the dip recorded at CAIDA is due to the measurement
problems?)
different problems; i don't think so.
graph of patch rate (we haven't plotted tonite's numbers yet)
http://worm-security-survey.caida.org/patching.gif
suggests that the news coverage did have a slight positive
effect on patch rate
also by AS and per country as of 20:00 GMT
http://worm-security-survey.caida.org/AS_summary.txt
If it has indeed turned up again, I'm at a loss to explain it. While
I'm sure there are some IIS servers on home machines, I doubt there are
that many. But I don't have another explanation to offer.
other possibilities
-- college students going home to start up their web servers?
-- windows servers whose MCSE's rebooted them,
and then went home at 5, believing it fixed...
but just getting reinfected? (-sfd suggestion)
we could do the AS_summary for hosts infected _after_
the increase re-started, and see if it's strongly
disproportionate to hosts behind certain type of providers
haven't done yet
|
|
|