Re: [Full-Disclosure] interesting?

From: batz (batsy@vapour.net)
Date: 02/01/03

    From: batz <batsy@vapour.net>
    To: Roland Postle <mail@blazde.co.uk>
    Date: Sat, 1 Feb 2003 12:04:32 -0500 (EST)
    

    On Sat, 1 Feb 2003, Roland Postle wrote:

    :It might seem frightening that sapphire reached 90% infection in 10
    :minutes, but this is a feature of its aggressive connectionless
    :scanning with single packets, and the small address space the internet
    :has, not its particular scanning strategy. For a good discussion of
    :(much) more effective strategies read,
    :
    :"How to 0wn the Internet in Your Spare Time"
    :http://www.icir.org/vern/papers/cdc-usenix-sec02/index.html

    The really interesting part of this paper is their use of the
    "logistic equation" to describe the spread of the various
    worms.

    They use: da/dt = Ka(1-a)

    I guess my question fundamentally would be: could this
    logistic equation be effectively used to describe the
    propagation of patch information from CERT, the ISA, etc.,
    vs. the propagation of patch information from Bugtraq/FD, etc.?

    So, can: da/dt = Ka(1-a) be used to describe the propagation
    of patch information, and what would the implications of it be?

    Where K is the rate of information spread (based on number of
    subscriptions to public lists vs. consortiums), 'a' being the
    proportion of subscribers informed, 't' is hours, and 'd'
    seems to be iteration?

    I am speaking way out of my depth, but my question is based upon
    the intuition and experience that informs my opinions on how
    vulnerability information should be distributed.

    Is there another more appropriate formula that describes
    this problem?

    Cheers,

    -- 
    batz
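Added example, not part of the message above or of the cited paper: the quoted equation da/dt = Ka(1-a) integrated numerically, checked against its closed-form solution, and used to compare how long two notification channels would take to inform 90% of their subscribers. The two K values, the starting fraction a0 and all function names are constructed assumptions for illustration only.

```python
import math

def logistic_closed_form(t, K, a0):
    """Closed-form solution of da/dt = K*a*(1-a) with a(0) = a0."""
    e = math.exp(K * t)
    return a0 * e / (1.0 - a0 + a0 * e)

def integrate_logistic(K, a0, hours, dt=0.001):
    """Fourth-order Runge-Kutta integration of da/dt = K*a*(1-a); returns a(hours)."""
    f = lambda a: K * a * (1.0 - a)
    a = a0
    for _ in range(round(hours / dt)):
        k1 = f(a)
        k2 = f(a + 0.5 * dt * k1)
        k3 = f(a + 0.5 * dt * k2)
        k4 = f(a + dt * k3)
        a += dt * (k1 + 2 * k2 + 2 * k3 + k4) / 6.0
    return a

def hours_to_reach(target, K, a0):
    """Invert the closed form: logit(a(t)) = logit(a0) + K*t."""
    logit = lambda x: math.log(x / (1.0 - x))
    return (logit(target) - logit(a0)) / K

# Constructed parameters (assumptions, not measurements):
A0 = 0.001                   # fraction of subscribers informed at t = 0
CHANNELS = {
    "open list": 0.5,        # K per hour, hypothetical
    "consortium": 0.1,       # K per hour, hypothetical
}

def compare(target=0.9):
    """Hours for each channel to reach the target informed fraction."""
    return {name: hours_to_reach(target, K, A0) for name, K in CHANNELS.items()}

if __name__ == "__main__":
    for name, K in CHANNELS.items():
        t90 = hours_to_reach(0.9, K, A0)
        numeric = integrate_logistic(K, A0, t90)
        print(f"{name:11s} K={K:.1f}/h  t(90%)={t90:6.2f} h  "
              f"RK4 a(t90)={numeric:.4f}")
```

Under this model the time to reach any given fraction scales as 1/K, so the gap between two channels is set entirely by the ratio of their K values.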