Security

From: Kate Everitt (everitt@cs.washington.edu)
Date: Wed Dec 01 2004 - 07:51:13 PST


This paper discusses the spreading mechanisms of successful worms, such as
Code Red and Nimda. They also devise new spreading techniques such as
hit-list scanning, permutation scanning, and Internet-sized lists which
support flash worms. This could have been the kind of paper that only
presents a problem without a solution, but they do a very good job of
presenting the magnitude and importance of this problem, and then
discussing in detail a "Center for Disease Control" type solution which
will help groups stop these types of attack and adapt to new types of
attack. This is very relevant to the current situation, in fact, a bunch of
articles about mobile phone worms came out yesterday. One interesting
observation I thought of while reading this paper is that the power of the
Internet, its interconnectedness, was being used against Internet users.
I would have liked to see more discussion of prevention of attacks. It
is difficult to prevent worms like this from spreading, because not all
security bugs can be known in advance. However, there are some who feel
that using the same techniques worms use to spread to fix the security
holes that it uses. So-called "white hat hackers" used the same spreading
code as one worm, whose name I forget, to remove it from the system.
However, this had the effect of slowing down regular Internet traffic at
large. With a better understanding of how worms spread and what lists they
use, it may be possible to design a system that could "get ahead" of the
worm enough to stop its spread, and then clean it up at a pace that would
not interfere with Internet traffic. This was a very interesting and
well-written paper, and a very important area of study.


