[unisog] earlier report of SQL slapper worm

H. Morrow Long morrow.long at yale.edu
Fri Jan 31 21:13:03 GMT 2003

Actually the article the URL you provide (while interesting) is
about the randomness (or lack thereof) of TCP ISNs (Initial Sequence Numbers)
in different platforms and TCP implementations  -- not about generating
random IP addresses.


Robert Dormer wrote:
> most random IP number generators aren't perfectly random
> http://lcamtuf.coredump.cx/newtcp/
>> The random IP number generation function was not perfectly random?
>> Morrow
>> Russell Fulton wrote:
>>> One other thing that is puzzling us is that some machine that were
>>> vulnerable and exposed escaped, yet given the probing rate and the
>>> lenght of time before the traffic was blocked the probability of them
>>> not getting hit is very small (assuming uniform distribution).  We
>>> therefore conclude (reductio ad adsurdum) that the distribution was non
>>> uniform and that we got lucky.
>>> Cheers, Russell.
> Regards,
> Robert Dormer
> =============
> Information Security - University of Pennsylvania
> phone: (215) 573 - 4574
> email: rdormer at isc.upenn.edu
> security: security at isc.upenn.edu

More information about the unisog mailing list