Reading Review 12-01-2004

From: Craig M Prince (cmprince@cs.washington.edu)
Date: Wed Dec 01 2004 - 00:50:03 PST

  • Next message: Michael J Cafarella: "How to 0wn the Internet..."

    Reading Review 12-01-2004
    -------------------------
    Craig Prince

    The paper titled "How to Own the Internet in Your Spare Time" analyzes
    various recent high-profile internet worms and their propagation
    characteristics. The paper then examines the natural evolution of these
    worms to determine how quickly such internet worms can actually spread.
    The results are very surprising and worrying -- using the methods proposed
    in the paper in the worst case complete propogation takes on the order of
    seconds! The paper also mentions several methods for discretely
    propogating worms and allowing "patching\upgrading" of worms. Finally, the
    authors proposed the creation of a committee to combat worms and worm
    outbreaks.

    This paper was most interesting because it actual does analysis of how
    fast worms can spread on the internet. It also does a good job of
    describing the "doomsday" scenario and shows how such a scenario is not
    beyond the realm of possibility. I thought that the permutation scanning
    technique was especially interesting in that it provides a type of
    distributed algorithm in order to avoid repeated work on the part of the
    infected machines. This is a rather simple modifcation that could have a
    large impact on the time it takes for a worm to spread.

    The paper did such a good job of convincing me that worms can be
    propogated quickly, that their suggested defenses seemed lack-luster and
    hopeless. It seems that someone extremely motivated could quickly cause
    widespread outages of the internet and tremendous damage, and there is
    really nothing we can do about it. All that would be needed is one small
    bug...

    The paper's argument for a cyber attack CDC did not seem very covincing.
    First, there is a question as to whether this should be part of the
    private or public sector (companies exist already who focus on worms and
    virus threats). Also, most of the proposed defenses still involved a human
    in the loop, which they showed is not effective for a quick attack. Is the
    best we can hope for to simply mitigate the damage of attacks
    after-the-fact?

  • Next message: Michael J Cafarella: "How to 0wn the Internet..."

    This archive was generated by hypermail 2.1.6 : Wed Dec 01 2004 - 00:50:03 PST