North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Code Red growth stats

  • From: k claffy
  • Date: Wed Aug 01 22:08:53 2001

  While they don't say, the "number of infected hosts" graph makes me 
  assume that they're counting unique IP addresses that tried to hit them.
  As I said, my numbers are consistent with others posted here.  And I've 
  gotten private mail about another, similar observation -- Code Red, 
  Round 2, appears to have peaked a few hours ago.
  		--Steve Bellovin,

hmm, not sure about that, smb.

albeit crippled caida monitor (we're working on it),
it does seem to have reversed slope again:

bunch of fascinating comparative data too,
like the number of internal addresses that
were infected during each attaack:

        Code-Red infected hosts with reserved IP addresses (attack 1)     203   70  177

        Code-Red infected hosts with reserved IP addresses (attack 2)     0   6  0

(nevermind that we shouldn't see such addresses
in the first place, we all know that's a myth --
but whoever is using them either fixed their
nat configs this time or patched..)

about .5GB/hour of data, we gonna be outta disk by morning,
wow, we've hit every measurement snag possible today,
elves are all beyond exhausted...

per-AS stats still processing,
haven't started a geographic analysis of this attack yet
(we'd like to see which states/countries had highest patch rate, 
not that geography matters in the least, 
that much has been demonstrated....)