From: Shobhit Raj Mathur (shobhit@cs.washington.edu)
Date: Tue Nov 30 2004 - 21:19:24 PST
How to 0wn the Internet in Your Spare Time
==========================================
This paper describes the mechanisms which worms use to spread in the
Internet today and other potential mechanisms which can increase their
virulence. Once a vast number of machines are compromised by the worms,
these machines could be used for malicious purposes. The paper analyzes
the threat posed by such an attack, and recommends the establishment of a
central body to prevent and control worm-based attacks.

The authors first mathematically model the spread of recent popular worms
such as Code Red and Nimda. Then they propose three new techniques which
would increase the virulence of worms. Hit list scanning accelerates the
initial spread of the worm. Permutation scanning allows the worms to
coordinate with each other and improve their effectiveness. Combining
these two techniques creates a Warhol worm which is capable of infecting
almost all of the vulnerable targets in a few minutes. The paper then
introduces a new type of worm called a Flash worm which uses a variant of
the hit list technique and is capable of infecting all the vulnerable
targets within a few tens of seconds. This is a cause of serious concern as
such attacks can spread even before system administrators can respond with
a countermeasure. Finally, the authors introduce another new class of
worms, surreptitious worms, which are difficult to detect and can infect
millions of hosts.

Having talked about how a worm can spread, the authors highlight the
magnitude of the threat. With over a million hosts on the Internet within
the attacker's control, the attacker can launch DDoS attacks, steal
sensitive information, etc. This makes the paper sound like a hacker's
handbook!

To counter such attacks, the paper suggests the establishment of an
international-level body, a CDC for cyber security. This seems to be very
ambitious and infeasible. The authors go overboard when talking about the
threat of cyber terrorism and 'cyber wars' against nations. Though the
authors list many roles of the CDC, implementing them is not feasible. A
better approach would be to prevent attacks. This could be done by making
it mandatory for all popular server/client applications to obtain a 'CDC
certificate', which certifies that they are safe to be released on the
web. This should be the primary goal of CDC (i.e., like a standards body).

Overall, the authors highlight the magnitude of the threat posed by worm
attacks very well. This threat is serious and needs to be countered
efficiently. Worm attacks can spread within seconds as well as stealthily and
slowly. This makes the task of developing countermeasures immensely
difficult. I feel that a 'CDC certificate' and user awareness are the best
possible countermeasures to potential attacks in the future.