[ale] OT: [Fwd: The Spread of the Sapphire/Slammer SQL Worm]

Geoffrey esoteric at 3times25.net
Sat Feb 1 07:47:23 EST 2003


I found this interesting.  I've not validated the credentials of the 
individuals in any way, so unless you do, consider it hearsay.

-------- Original Message --------
Subject: The Spread of the Sapphire/Slammer SQL Worm
Date: Fri, 31 Jan 2003 18:09:16 -0800
From: Nicholas Weaver <nweaver at CS.berkeley.edu>
To: ale at ale.org
To: bugtraq at securityfocus.com


We have completed our preliminary analysis of the spread of the
Sapphire/Slammer SQL worm.  This worm required roughly 10 minutes to
spread worldwide making it by far the fastest worm to date.  In the
early stages the worm was doubling in size every 8.5 seconds.  At its
peak, achieved approximately 3 minutes after it was released, Sapphire
scanned the net at over 55 million IP addresses per second.  It
infected at least 75,000 victims and probably considerably more.

This remarkable speed, nearly two orders of magnitude faster than Code
Red, was the result of a bandwidth-limited scanner.  Since Sapphire
didn't need to wait for responses, each copy could scan at the maximum
rate that the processor and network bandwidth could support.

There were also two noteworthy bugs in the pseudo-random number
generator which complicated our analysis and limited our ability to
estimate the total infection but did not slow the spread of the worm.

The full analysis is available at
http://www.caida.org/analysis/security/sapphire/
http://www.silicondefense.com/sapphire/
http://www.cs.berkeley.edu/~nweaver/sapphire/

David Moore, CAIDA & UCSD CSE
Vern Paxson, ICIR & LBNL
Stefan Savage, UCSD CSE
Colleen Shannon, CAIDA
Stuart Staniford, Silicon Defense
Nicholas Weaver, Silicon Defense and UC Berkeley EECS



-- 
Until later: Geoffrey		esoteric at 3times25.net

The latest, most widespread virus?  Microsoft end user agreement.
Think about it...

_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale






More information about the Ale mailing list