From: Erika Rice (erice@cs.washington.edu)
Date: Wed Dec 01 2004 - 00:15:10 PST
"How to 0wn the Internet in Your Spare Time" by Stuart Staniford, Vern
Paxson, and Nicholas Weaver:
This paper explores the spread of three real Internet worms: Code Red I,
Code Red II, and Nimda. These were all fairly fast spreading worms
that caused great damage. The authors describe the worms and show how
Code Red I cleanly fits a fairly standard epidemic model that has been
used for worms in the past.
More interesting than the mathematical models (although they are quite
interesting, as is shown by the fact that this was one of my favorite sources
for a project creating a more complex mathematical model describing worm
spread) are the descriptions of how worms could be made even more
effective. The worms the authors examined were, for the most part,
fairly simple. They found an exploit, exploited it, and spread to other
hosts in a fairly random manner. More advanced implementations could
increase the speed of spread, make scanning more effective and allow
worms to be upgraded. They also pointed out the threat of slow
spreading worms that are latent for a long period of time. These worms
are interesting in their ability to spread to a very large number of
hosts without being detected. Both of these unobserved but feasible
categories of worms help to broaden the view of people who are concerned
about worms and, therefore, help them to develop better methods of
fighting against them.
The authors also propose the development of a "Cyber-Center for Disease
Control" to help detect, combat, and prevent worms. Such an
organization would certainly be useful, and it would be interesting to
see a proposal that more fully outlines the sketch that the authors
present here.
One criticism I have of this paper is the emphasis on the idea that
worms might be used in wars. The main problem with this idea is that it
is only valid if one party can completely shield itself from the worm or
if they do not care about the network staying functional. At least for
nations, neither option is valid. A single nation cannot completely
shield itself because, one would think, the nation would want to protect
the computers of the people and businesses in that country as well as
government-owned machines. Causing such protection would likely be a
key to other nations that something fishy was going on. Furthermore,
the increasing dependence of nations on networks makes it infeasible for
them to allow the network to become disabled. Allies only complicate
matters. Because the Internet connects the whole world, it seems hard
to make sure that only certain people are targeted.
This archive was generated by hypermail 2.1.6 : Wed Dec 01 2004 - 00:15:11 PST