[PATCH] exec-shield style vdso move.

* Andi Kleen (ak@xxxxxxx) wrote:
> 
> > even forcing 256 tries (which is only 256 in upstream's crippled ASLR, 
> 
> ASLR?

Address space layout randomization -- just placing executable, heap,
stack, libraries, etc. in random locations.  Exploits may still result in
success; however, it takes more work, and seeing rapid, repeated
segfaults may trigger alarms, for example.

> > _dramatically_ changes the spreading model of a worm. Frankly, i find it 
> > frustrating having to repeat this simple point so many times during so 
> > many years. This is really not rocket science.
> 
> Sure but it would be still a very dangerous worm even if it was 128 times
> slower

Slowing down worm propagation is very useful to aid containment
strategies.  There's good research discussing worm growth patterns which
suggests growth rate is a function of reaction time.  Slowing the probe
rates effectively improves the reaction time.  Given typical exponential
growth, this can really change the number of infected systems.

thanks,
-chris
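
The containment argument in the reply above, worked through as an added example that is not part of the original message. It assumes a simple logistic epidemic model; the population, infection rate and reaction time are constructed values, and only the 128x slowdown comes from the thread.

```python
import math

def infected_at(t, beta, n, i0=1.0):
    """Infected hosts at time t under the logistic (simple epidemic) model."""
    # Written with exp(-beta*t) so a large t cannot overflow.
    return n / (1.0 + (n / i0 - 1.0) * math.exp(-beta * t))

def time_to_fraction(frac, beta, n, i0=1.0):
    """Time until `frac` of the vulnerable population is infected."""
    if not 0.0 < frac < 1.0:
        raise ValueError("frac must be strictly between 0 and 1")
    start = i0 / n
    if frac <= start:
        return 0.0
    # Inverse of infected_at: beta*t = ln(frac(1-start) / (start(1-frac)))
    return math.log(frac * (1.0 - start) / (start * (1.0 - frac))) / beta

def compare(n, beta, slowdown, reaction_time, i0=1.0):
    """Outcome at the defenders' reaction time, without and with the slowdown."""
    slow_beta = beta / slowdown  # each compromise needs `slowdown` times more probes
    return {
        "infected_fast": infected_at(reaction_time, beta, n, i0),
        "infected_slow": infected_at(reaction_time, slow_beta, n, i0),
        "t_half_fast": time_to_fraction(0.5, beta, n, i0),
        "t_half_slow": time_to_fraction(0.5, slow_beta, n, i0),
    }

# Constructed parameters (assumptions, not data from the thread):
N = 100_000       # vulnerable hosts
BETA = 1.8        # new infections per infected host per hour, early phase
SLOWDOWN = 128    # the "128 times slower" figure quoted in the thread
REACTION_H = 12   # hours before containment starts

if __name__ == "__main__":
    r = compare(N, BETA, SLOWDOWN, REACTION_H)
    print(f"infected after {REACTION_H} h, no slowdown: {r['infected_fast']:.0f}")
    print(f"infected after {REACTION_H} h, {SLOWDOWN}x slower: {r['infected_slow']:.2f}")
    print(f"hours to 50% infected: {r['t_half_fast']:.1f} vs {r['t_half_slow']:.1f}")
```

In this model the time to reach any given infected fraction scales linearly with the slowdown, so the defenders' window grows by the same factor, while the infected count at a fixed reaction time falls far more than 128-fold because the growth is exponential.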
