March 26, 2004

Witty Worm analysis

Very good analysis of the Witty Worm, which has been causing some problems with several products made by ISS, including the popular BlackICE firewall. Of special interest is the Network Telescope at UCSD:

"The UCSD Network Telescope consists of a large piece of globally announced IPv4 address space. The telescope contains almost no legitimate hosts, so inbound traffic to nonexistent machines is always anomalous in some way. Because the network telescope contains approximately 1/256th of all IPv4 addresses, we receive roughly one out of every 256 packets sent by an Internet worm with an unbiased random number generator. Because we are uniquely situated to receive traffic from every worm-infected host, we provide a global view of the spread of Internet worms."

Posted by DaveH at March 26, 2004 2:01 PM
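The 1-in-256 sampling argument in the quoted passage, worked as a small simulation (an added example, not code from the linked analysis or from UCSD). The monitored /8 octet, the host count and the per-host probe count are constructed values, and every scanner is assumed to pick targets uniformly at random.

```python
import math
import random

TELESCOPE_OCTET = 10   # constructed stand-in for the monitored /8, not the real prefix
COVERAGE = 1 / 256     # fraction of IPv4 space the telescope covers, per the quote


def simulate(hosts, probes_per_host, seed=1):
    """Return {host_id: probes seen by the telescope} for uniform random scanners."""
    rng = random.Random(seed)
    seen = {}
    for host in range(hosts):
        hits = sum(
            1
            for _ in range(probes_per_host)
            if rng.getrandbits(32) >> 24 == TELESCOPE_OCTET  # top octet selects the /8
        )
        if hits:
            seen[host] = hits
    return seen


def estimate_total_probes(seen):
    """Scale the telescope's packet count up to an Internet-wide estimate."""
    return sum(seen.values()) / COVERAGE


def prob_host_observed(probes):
    """Chance that a host sending `probes` uniform probes hits the telescope at least once."""
    return 1 - (1 - COVERAGE) ** probes


def probes_for_confidence(conf):
    """Smallest probe count at which a host is observed with probability >= conf."""
    return math.ceil(math.log(1 - conf) / math.log(1 - COVERAGE))


if __name__ == "__main__":
    hosts, per_host = 1000, 300            # constructed sample outbreak
    seen = simulate(hosts, per_host)
    print("true probes sent      :", hosts * per_host)
    print("estimated from sample :", round(estimate_total_probes(seen)))
    print("hosts observed        :", len(seen), "of", hosts)
    print("expected fraction seen:", round(prob_host_observed(per_host), 3))
    print("probes for 99% chance :", probes_for_confidence(0.99))
```

A host that sends only a few hundred probes is missed about a third of the time, so early in an outbreak the telescope undercounts infected hosts even though its estimate of total scan traffic is already close.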