From: Jonas Lindberg (jonaslin@kth.se)
Date: Tue Nov 30 2004 - 17:27:23 PST
S. Staniford, V. Paxson, and N. Weaver's "How to Own the Internet in Your
Spare Time"
Reviewed by: Jonas Lindberg
In this paper the authors discuss distributed attacks - the threat they
constitute, how they can be carried out, optimized, and a suggested
organization for opposing such attacks.
The paper begins with analyzing the spread technique used by a well-known worm
(Code Red I) and also discusses two other worms that use refined techniques
for infecting hosts. The analysis shows that worms can propagate very fast
and compromise almost all vulnerable machines on the Internet within hours.
To illustrate how serious the threat is, the authors present several ways of
improving a worm's propagation rate. Simulations show that these
improvements have great effects. Staniford et al. state that a worm that
implements these improvements is "capable of attacking most vulnerable
targets in well under an hour, possibly less than 15 minutes".
Another type of worm that is discussed in the paper is the "stealth worm".
These worms spread by exploiting security bugs in hosts a user's infected
applications connect to. This propagation technique is not fast but very
hard to detect since the worm does not produce any particular traffic
patterns. Peer-to-peer systems are particularly vulnerable to these worms,
since it is likely that one application is used as both client and server.
It is thus sufficient for the attacker to find one security hole to exploit,
instead of one in the client software and one in the server software.
The authors argue that future attackers could possibly gain control over tens
of millions of hosts. It is obvious that someone who is in control of 10
million hosts is able to cause enormous damage, e.g. by stealing information
or launching denial-of-service attacks against important servers (such as
the root DNS servers).
Towards the end of the paper, Staniford et al. suggest a remedy for worm
attacks: a "Cyber-Center for Disease Control" (CDC). This is an interesting
idea. Whether or not it is practical is hard to say, but hopefully it can
initiate a discussion of how to tackle this threat that is both real and
important.
I thought this paper was pretty interesting reading. Worms have historically
shown that they can cause substantial damage and this paper indicates that
we have not seen the worst yet. One thing that I think is a little bit
questionable is if it really is a good idea to present improvements of worm
propagation techniques in academic papers. Are not the historical worm
attacks alone enough motivation for suggesting a CDC?