From: Daniel Lowd (lowd@cs.washington.edu)
Date: Mon Nov 29 2004 - 17:10:57 PST
This paper analyzed the effectiveness of existing and potential worm
attacks, and argued for the development of national or international
organizations for combatting such attacks. This paper was quite thorough
in its coverage of possible techniques and solutions, considering many
different strategies and counter-strategies. The argument for publicly
funded worm-defense organizations is also well-stated and overdue.
At times the paper is a bit wordy, engaging in highly readable but perhaps
unnecessary discussions of every possible worm mechanism. It's not clear
how much the new permutation-based attacks really help relative to simply
increasing the infection rate. As bandwidth increases and latencies
decrease, increased infection rates should dominate future worm
improvements. When discussing theoretical worms, tested only using rough
simulations, what's the real benefit of a factor-of-4 speed-up?
More complicated attacks may be deployed in the future, but what's most
frightening about current worm attacks is their very simplicity. 4k of
code can take over the Internet in a day? Increased complexity may help a
worm spread faster or make it harder to stop, but it could also introduce
more points of failure or detection.
I thought that the discussion of infection via KaZaA was more interesting,
since that seems like an excellent avenue for infection that I had never
before considered. The distributed zombie control was also interesting.
Things have changed a lot since "Michaelangelo" was the scariest virus out
there. This paper's demonstration of worm potency, along with its
argument for public action, remain both compelling and relevant.
A Cyber-CBC also seems like a fun place to work... an interesting,
intelligent group of people working on real-world problems, yielding
useful yet (often) publishable discoveries. It would be like NASA, but
with fewer physicists and less hardware. Or like the NSA, but less
secret.
-- Daniel
This archive was generated by hypermail 2.1.6 : Mon Nov 29 2004 - 17:10:57 PST