Re: IP: Mind-blowing-- How to own the Internet in your spare time (fwd)

From: Hal Finney (hal@finney.org)
Date: Sat May 25 2002 - 19:07:22 MDT


Eugen forwards:
> We present an analysis of the magnitude of the threat. We begin with a
> mathematical model derived from empirical data of the spread of Code Red I
> in July, 2001. We discuss techniques subsequently employed for achieving
> greater virulence by Code Red II and Nimda. In this context, we develop and
> evaluate several new, highly virulent possible techniques: hit-list scanning
> (which creates a Warhol worm), permutation scanning (which enables
> self-coordinating scanning), and use of Internet-sized hit-lists (which
> creates a flash worm).
>
> We then turn to the threat of surreptitious worms that spread more
> slowly but in a much harder to detect "contagion" fashion. We demonstrate
> that such a worm today could arguably subvert upwards of 10,000,000 Internet
> hosts. We also consider robust mechanisms by which attackers can control and
> update deployed worms.
> ...
> http://www.icir.org/vern/papers/cdc-usenix-sec02/index.html

This is a frightening paper which shows the magnitude of the threat
to the net caused by the continual evolution of worm software.
With the techniques described in this paper it should be possible
for worm writers to be even more successful and to subvert millions
or even tens of millions of hosts, possibly in just a few minutes.
It seems inevitable that this will occur in the next couple of years.
(The paper also points out that if KaZaa were subverted, they would own
tens of millions of machines right there.)

Using these resources they could target specific sites, including the root
name servers which the net depends on. I believe that if those were shut
down for a few weeks the net would become unusable as the cached copies
of this data expired. It depends on how the various implementations of
name server software will respond to such a failure.

Alternatively, commercial or government sites could be targeted.
With attacks coming from millions of hosts, we have no technology at
present which would allow those systems to remain functional.

Old-timers will remember the impact of the Morris Worm back in the 80s.
At that time most net computers were Vax and Sun systems running Unix,
and these were the ones attacked. The worm managed to essentially shut
the net down for a few days. Luckily at that time most systems were
managed by professionals, and there were few enough that they could get
the word out by phone and fax, and get their systems cleaned of the worm.

Today the effects would be overwhelmingly worse, because we rely on
the net so much more, and because most vulnerable systems are run by
technologically naive users who often won't even be aware that their
systems are causing the problems. And based on this paper, unfortunately
it seems very likely that we will see just such an Internet crash within
the next few years. I don't know how we will clean it up.

The authors propose a digital analog to the Centers for Disease Control,
specifically to deal with the threat of malware. I'm not sure this is
the right approach, in the sense of an organization which would analyze
and respond to specific new worms and viruses as they appear. Rather,
I think we need to come up with new approaches that can keep the net
running in the face of attackers who have this kind of power. It doesn't
seem practical, with current technology, to make the hundreds of millions
of net connected computers immune to attacks. We have to accept that
attackers are going to succeed in acquiring the power described in this
paper, and come up with a defense that will allow the net to continue
to function in a degraded mode.

Hal

This archive was generated by hypermail 2.1.5 : Sat Nov 02 2002 - 09:14:22 MST