Subject: [IP] Fwd: [E-INFRA] Colleen Shannon: [Caida] witty worm writeup available
Date: Sun, 28 Mar 2004 16:19:45 -0800
From: John Gilmore <gnu@toad.com>
Subject: [E-INFRA] Colleen Shannon: [Caida] witty worm writeup available
Sender: eff-infra-bounces@eff.org
To: eff-infra@eff.org, gnu@toad.com

CAIDA's analysis of the "Witty" worm from two weeks ago is frightening. It was targeted to hit a particular vendor's firewall product. The worm came out one day after the vulnerability was disclosed and patched. Within 10 seconds it had spread to 110 hosts. Within 45 minutes, it had compromised almost all of the vulnerable machines on the Internet.

As a destructive worm, it gradually disabled its hosts (by periodically writing garbage to a random spot on disk). If instead it had been a stealth 'bot', it would now have about 12,000 machines ready to do its creator's bidding -- the entire vulnerable population. (If it had been targeting more numerous Linux, BSD, or Microsoft systems, it would have spread as quickly, or more quickly.)

Worms are now able to propagate MUCH faster than humans can react to stop them. They can be released MUCH faster than humans can install patches. In short, the patch-and-pray model can't prevent massive-scale attacks from succeeding (and using the resources of the attacked machines for any other purpose).

This worm, along with others, validates the thesis from the seminal 2002 security paper, "How to 0wn the Internet in Your Spare Time" by Stuart Staniford, Vern Paxson, and Nicholas Weaver. For that, see:

http://www.icir.org/vern/papers/cdc-usenix-sec02/

This has policy implications at many levels, from software development, to security analysis, to infrastructure defense.

John

Date: Thu, 25 Mar 2004 15:49:02 -0800
From: Colleen Shannon <cshannon@caida.org>
To: caida@caida.org,
Subject: [Caida] witty worm writeup available

Hi folks,

David and I thought you might be interested in our analysis of the spread of the witty worm.

Our writeup is available at:

http://www.caida.org/analysis/security/witty/

Please let us know if you have any comments, questions, or other feedback!

Thanks,
Colleen

--
Colleen Shannon
CAIDA/SDSC/UCSD - cshannon@caida.org

-------------------------------------
To manage your subscription, go to http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/