North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Code Red growth stats

  • From: k claffy
  • Date: Thu Aug 02 00:40:20 2001

On Wed, Aug 01, 2001 at 10:35:46PM -0400, Steven M. Bellovin wrote:
  In message <[email protected]>, k claffy writes:
  >albeit crippled caida monitor (we're working on it),
  >it does seem to have reversed slope again:
  Fascinating; thanks.  SANS hasn't updated their plots lately, so I 
  can't compare.  Anyone else with any data to post?  (On the other hand 
  -- any chance that the dip recorded at CAIDA is due to the measurement 

different problems; i don't think so.

graph of patch rate (we haven't plotted tonite's numbers yet)

suggests that the news coverage did have a slight positive
effect on patch rate

also by AS and per country as of 20:00 GMT

  If it has indeed turned up again, I'm at a loss to explain it.  While 
  I'm sure there are some IIS servers on home machines, I doubt there are 
  that many.  But I don't have another explanation to offer.
other possibilities
	-- college students going home to start up their web servers?
	-- windows servers whose MCSE's rebooted them, 
	   and then went home at 5, believing it fixed... 
	   but just getting reinfected? (-sfd suggestion)

we could do the AS_summary for hosts infected _after_ 
the increase re-started, and see if it's strongly
disproportionate to hosts behind certain type of providers

haven't done yet