[unisog] earlier report of SQL slapper worm

Tom Perrine tep at sdsc.edu
Wed Jan 29 21:36:46 GMT 2003


>>>>> On 30 Jan 2003 09:12:12 +1300, Russell Fulton <r.fulton at auckland.ac.nz> said:

    RF> One other thing that is puzzling us is that some machines that were
    RF> vulnerable and exposed escaped, yet given the probing rate and the
    RF> length of time before the traffic was blocked the probability of them
    RF> not getting hit is very small (assuming uniform distribution).  We
    RF> therefore conclude (reductio ad absurdum) that the distribution was non
    RF> uniform and that we got lucky.

There is definitely one or more bugs in the PRNG.  The distribution is
NOT uniform (or normal :-) ).  It apparently very quickly gets into one
of 32 or so cycles, so there are lots of addresses that would not be
hit.

--tep
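
Added example, not part of the original post and not the worm's code: a scaled-down model of the two claims in this thread, namely how small the escape probability is under uniform probing, and how a generator stuck on a short cycle leaves a fixed share of addresses unreachable however long it runs. The 16-bit space and the LCG parameters are constructed assumptions for illustration.

```python
"""Toy model: uniform-probing escape odds vs. an LCG that splits into cycles."""

BITS = 16                 # assumed toy address space of 2**16 (fast to enumerate)
SPACE = 1 << BITS
A = 214013                # constructed multiplier: odd, and A % 4 == 1
C_GOOD = 2531011          # odd increment: single full-length cycle (Hull-Dobell)
C_BAD = 2531012           # even increment: constructed flaw, parity never changes


def escape_probability_uniform(probes, space=SPACE):
    """Chance a given address is never picked in `probes` uniform draws."""
    return (1.0 - 1.0 / space) ** probes


def cycle_lengths(a, c, bits=BITS):
    """Lengths of every cycle of x -> (a*x + c) mod 2**bits, longest first."""
    if a % 2 == 0:
        raise ValueError("multiplier must be odd for the map to be a permutation")
    mask = (1 << bits) - 1
    seen = bytearray(1 << bits)
    lengths = []
    for start in range(1 << bits):
        x, n = start, 0
        while not seen[x]:          # walk one cycle until it closes on itself
            seen[x] = 1
            x = (a * x + c) & mask
            n += 1
        if n:
            lengths.append(n)
    return sorted(lengths, reverse=True)


def unreachable_fraction(a, c, seed, bits=BITS):
    """Share of the space a generator seeded with `seed` can never emit."""
    mask = (1 << bits) - 1
    x, n = (a * seed + c) & mask, 1
    while x != seed:                # a is odd, so the walk returns to the seed
        x = (a * x + c) & mask
        n += 1
    return 1.0 - n / (1 << bits)


if __name__ == "__main__":
    print("uniform escape after 10x space probes:",
          escape_probability_uniform(10 * SPACE))
    print("cycles, sound increment :", cycle_lengths(A, C_GOOD))
    print("cycles, flawed increment:", cycle_lengths(A, C_BAD))
    print("never probed from seed 1:", unreachable_fraction(A, C_BAD, 1))
```

Under the uniform assumption the escape probability shrinks exponentially with the number of probes, whereas the unreachable fraction of a cycling generator depends only on its seed and does not shrink with time.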


