|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Code Red growth stats
On Wed, Aug 01, 2001 at 10:35:46PM -0400, Steven M. Bellovin wrote: In message <[email protected]>, k claffy writes: >albeit crippled caida monitor (we're working on it), >it does seem to have reversed slope again: >http://www.caida.org/analysis/security/code-red/aug1-live-hosts.gif Fascinating; thanks. SANS hasn't updated their plots lately, so I can't compare. Anyone else with any data to post? (On the other hand -- any chance that the dip recorded at CAIDA is due to the measurement problems?) different problems; i don't think so. graph of patch rate (we haven't plotted tonite's numbers yet) http://worm-security-survey.caida.org/patching.gif suggests that the news coverage did have a slight positive effect on patch rate also by AS and per country as of 20:00 GMT http://worm-security-survey.caida.org/AS_summary.txt If it has indeed turned up again, I'm at a loss to explain it. While I'm sure there are some IIS servers on home machines, I doubt there are that many. But I don't have another explanation to offer. other possibilities -- college students going home to start up their web servers? -- windows servers whose MCSE's rebooted them, and then went home at 5, believing it fixed... but just getting reinfected? (-sfd suggestion) we could do the AS_summary for hosts infected _after_ the increase re-started, and see if it's strongly disproportionate to hosts behind certain type of providers haven't done yet
|
