Review of "How to 0wn the Internet in Your Spare Time"

From: Michelle Liu (liujing@u.washington.edu)
Date: Wed Dec 01 2004 - 00:00:17 PST


    Review of "How to 0wn the Internet in Your Spare Time"

    Jing Liu

     

        This paper talks about Internet security and viruses. First, a mathematical model is derived from empirical data of the spread of Code Red I in July 2001. From the model, we'll notice how fast an Internet worm can spread through the networks. The number of vulnerable machines grows exponentially. The author then analyzes various forms of worms. The effect of the worms depends on the spreading speed, spreading area and spreading modes. The Code Red II worm used a localized scanning strategy. Thus, relatively, the spreading area or infected number of machines was not that big. However, Nimda was much more serious, since it used at least five different methods to spread itself.

        There is a lot of work to be done in the topic of Internet security. As the author claimed, although we know how some worms spread, quite little is known about what those worms might be capable of doing. The other issues are that today we have peer-to-peer systems and a fast-connection, high-bandwidth Internet. Moreover, many operating systems support convenient dynamic code loading. Those aspects are good for the network performance and the functions of applications. However, they also enable the fast spread and inflexibility of worms through the Internet.

        The author also proposes several "better" worms, such as hit-list scanning, permutation scanning, topologically aware worms and Internet-scale hit-lists. The goal of them is very rapid infection. We see that the Warhol worm, which is a combination of hit-list and permutation scanning, shows a quite strong function, where hit-list scanning greatly improves the initial spread and permutation scanning keeps the worm's infection rate high for much longer when compared with random scanning. The more sophisticated situation is that it is possible for worms to be updated after dissemination.

        For all the above reasons, the author claims the necessity of establishing the Cyber-Center for Disease Control (CDC).

        The paper talks about a quite interesting topic. However, it is too wordy. Moreover, although various forms of worms are analyzed, there is not much talk about how the worms were detected and how the security flaws were fixed in those examples.

        For future work, the first step could be to establish the CDC. The second, to develop powerful detection software.

     

        

