|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Code Red growth stats
* Jasper Wallace <[email protected]> [010801 16:37]: > > On Wed, 1 Aug 2001, Steven M. Bellovin wrote: > > > > > In message <[email protected]>, Scott Sturs > > a writes: > > > > > >On Wed, 1 Aug 2001, Dave Stewart wrote: > > > > > >> I suspect we'll see it begin to pick up a little bit... it looks like > > >> Billybob is just starting to get home from work and fire up his whizbang > > >> Windows 2000 machine, which he put IIS on so he can share kewl warez and > > >> mp3z with his leet friends... > > > > > >At 1500 EDT I put a counter on one of our commodity Internet connections, > > >looking for port 80 connects to one of our unassigned /24 subnets. Here > > >are the results so far: > > > > > >1500-1530: 682 > > >1530-1600: 536 > > >1600-1630: 533 > > >1630-1700: 643 > > > > > >Seems to be picking up. > > > > Maybe -- we need more data to be sure. But -- given that a lot of > > folks have patched systems over the last two weeks -- I suspect it's > > running out of "food". Look at the graph from the last go-round at > > http://www.cert.org/advisories/CA-2001-23.html -- it leveled off, too. > > (If the Worm is operating on UTC, the "stop" phase would have commenced > > at 2000 EDT. Even if it ran on local time, Western European machines > > wouldn't quiesce until 1700. The drop off starts well before that.) > > 35331 so far here (from 5120 ip's of dead space), but it definatly > seems to be leveling off - graphs and data (time_t, count) here: > > http://mostly.pointless.net/~jasper/cr/ I've got 59448 from a /18's worth of assigned/unallocated space, just since 17:30 or so CDT (UTC -0500). -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 972-414-9812 E-Mail: [email protected] US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749
|