IP: Mind-blowing-- How to own the Internet in your spare time (fwd)

From: Eugen Leitl (eugen@leitl.org)
Date: Sat May 25 2002 - 09:08:43 MDT


Sounds useful.

---------- Forwarded message ----------
Date: Fri, 24 May 2002 18:18:59 -0400
From: Dave Farber <dave@farber.net>
Reply-To: farber@cis.upenn.edu
To: ip <ip-sub-1@majordomo.pobox.com>
Subject: IP: Mind-blowing-- How to own the Internet in your spare time

Abstract:

The ability of attackers to rapidly gain control of vast numbers of Internet
hosts poses an immense risk to the overall security of the Internet. Once
subverted, these hosts can not only be used to launch massive denial of
service floods, but also to steal or corrupt great quantities of sensitive
information, and confuse and disrupt use of the network in more subtle ways.

We present an analysis of the magnitude of the threat. We begin with a
mathematical model derived from empirical data of the spread of Code Red I
in July, 2001. We discuss techniques subsequently employed for achieving
greater virulence by Code Red II and Nimda. In this context, we develop and
evaluate several new, highly virulent possible techniques: hit-list scanning
(which creates a Warhol worm), permutation scanning (which enables
self-coordinating scanning), and use of Internet-sized hit-lists (which
creates a flash worm).

We then turn to the to the threat of surreptitious worms that spread more
slowly but in a much harder to detect "contagion" fashion. We demonstrate
that such a worm today could arguably subvert upwards of 10,000,000 Internet
hosts. We also consider robust mechanisms by which attackers can control and
update deployed worms.

In conclusion, we argue for the pressing need to develop a "Center for
Disease Control" analog for virus- and worm-based threats to national
cybersecurity, and sketch some of the components that would go into such a
Center.

------ Forwarded Message
From: Rodney Joffe <rjoffe@centergate.com>

Hi Dave,

I assume you know Vern Paxson...

He just released this paper which is rather dramatic. And scary.

http://www.icir.org/vern/papers/cdc-usenix-sec02/index.html

-- 
Rodney Joffe
CenterGate Research Group, LLC.
http://www.centergate.com
"Technology so advanced, even we don't understand it!"(SM)
------ End of Forwarded Message
For archives see:
http://www.interesting-people.org/archives/interesting-people/


This archive was generated by hypermail 2.1.5 : Sat Nov 02 2002 - 09:14:21 MST