Does anyone have packet traces taken during Viral spread phase?


Harry Saal (hjs@lindy.Stanford.EDU)
Wed, 9 Nov 88 01:16:27 PST


I would be very interested in receiving any network packet traces taken
while the recent worm hopped about and (re)infected multiple machines
connected by LAN connections/routers. We would like to see to what
degree the externally visible network traffic stood out from the
"normal" traffic. The goal would be to be able to provide earlier warnings
of anomalous behaviour than having a system choke itself to death, and then
try to take action. For example, I am interested in any observations
as to whether average activity took a nose dive (as other processes clogged
up) or increased (due to the agressive attempts to spread itself).

Any formats of actual traces are of interest (assuming they are described
in some .h file - like fashion somewhere).



This archive was generated by hypermail 2.0b3 on Thu Mar 09 2000 - 14:44:29 GMT