From: Chandrika Jayant (cjayant@cs.washington.edu)
Date: Wed Dec 01 2004 - 03:00:50 PST

"How to 0wn the Internet in Your Spare Time"
Written by Staniford, Paxson, and Weaver
Reviewed by Chandrika Jayant

After reading this paper, I am surprised that Internet worms
have not created even more crises than they have in the past. The
authors try to scare the reader by showing how easily more vicious worms
could be created and what a drastic impact this could have if millions
of machines were invaded. The main point of this paper should be a
warning to individuals and companies that the potential for disaster is
there, and by listing specific new possible attacks, hope that
scientists will come up with new smart ways to recognize and counter
these worms of the future. (And hope that people do not use this paper
to, in fact, make better worms.)

The authors briefly present three powerful worms that had previously
attacked (Code Red I, II, and Nimda) and describe their simple
functionality. Building from these worms, the authors show three new
powerful techniques for virulent worms: hit list scanning, permutation
scanning, and Internet-scale hit lists.

There were two problems that were most worrisome to me. A
flash worm, for example, could infect the vulnerable population in 10
seconds, something so fast that a human could not counter it in time.
This is an interesting point: human-median counter-response can only be
so fast. This is a limit that we have to deal with intelligently. I
would have liked to read more about this topic and what is being done
about it. Also, the contagion worms, on the other hand, spread slowly
enough that they can masquerade as normal traffic. If not detected, how
can they be stopped in time?

I thought that the mention of international warfare as a
main motivation for the creation of worms was a little silly. Maybe the
authors thought they would get published if they tried to make their
paper more dramatic. Or maybe this could be a reality in the next few
years and I'll regret saying that in this review. However, it is
difficult for me to imagine how worms could cleanly break up the
Internet to not harm their country but just harm another, since the
Internet is chaotic and a mess of interconnections. Talking about other
reasons for creating worms would have been very useful. DoS attacks
could be used with economic motivations, accessing sensitive information
for monetary incentives, and corrupting information because you're a
bored 12-year-old geek.

The most interesting current issue to me had to do with P2P
vulnerability and contagion worms. P2P is special because each node in
the network is a client and a server. A contagion might usually not be
as dangerous as it seems because it would need a pair of exploits, but
here it only needs one. It is hard to notice the contagion in the
traffic because large files are being transferred, the protocol doesn't
receive too much attention, and the interconnections are massive. This
definitely deserves much future work as P2P has quickly dominated much
of network traffic over the past few years.

The authors try to make the crux of the paper their
proposition for a CDC for worm control. This is an interesting idea, but
it seems fairly shaky. First of all, is a centralized center a good
idea? What happens if it is attacked? How are we supposed to trust this
center at all times? Who would control this? I am not convinced that a
societal institution is the way to go. Perhaps it would just be better
to go on the way we have - it seems to have worked pretty well so far -
and be more proactive and more ready for new worms that we know have the
potential to spread in the future, on the levels of companies who have
this job already.