routingWorm-techreport - 1 Routing Worm: A Fast, Selective...

Routing Worm: A Fast, Selective Attack Worm based on IP Address Information

Cliff C. Zou, Don Towsley, Weibo Gong, Songlin Cai
Department of Computer Science
Univ. Massachusetts, Amherst
Technical Report: TR-CSE-03-06

Abstract

Most well-known Internet worms, such as Code Red, Slammer, and Blaster, infected vulnerable computers by scanning the entire Internet IPv4 space. In this paper, we present a new scan-based worm called "routing worm", which can use information provided by BGP routing tables to reduce its scanning space without ignoring any potential vulnerable computer. In this way, a routing worm can propagate twice to more than three times faster than a traditional worm. In addition, the geographic information of allocated IP addresses, especially BGP routing prefixes, enables a routing worm to conduct fine-grained selective attacks: hackers or terrorists can selectively inflict heavy damage on vulnerable computers in a specific country, an Internet Service Provider, or an Autonomous System, without much collateral damage done to others. Routing worms can be easily implemented by attackers and they could cause considerable damage to our Internet. Since routing worms are scan-based worms, we believe that an effective way to defend against them and all other scan-based worms is to upgrade IPv4 to IPv6 — the vast address space of IPv6 (2^64 IP addresses for a single subnetwork) can prevent a worm from spreading through scanning.

I. INTRODUCTION

Computer worms are programs that self-propagate across a network exploiting security or policy flaws in widely-used services [14]. The easy access and wide usage of the Internet make it a primary target for the propagation of worms. Since the first well-known Morris worm [10] in 1988, attackers have continuously developed worms. Today, our computing infrastructure is more vulnerable [9] than ever before.

In 2001, Code Red, Code Red II, and Nimda showed us how vulnerable our networks are [7][22][32]. Code Red infected more than 360,000 IIS servers within one day, causing millions of dollars in losses to our society [42] — it began a new wave of global-scale propagation of worms. On January 25, 2003, SQL Slammer was released and quickly spread throughout the Internet [6]. Because of its super fast scan rate, Slammer infected more than 90% of the vulnerable computers on the Internet within 10 minutes [6]. In addition, the large amount of scan packets sent out by Slammer caused a global-scale denial of service attack on the Internet; many networks across Asia, Europe, and America were effectively shut down for several hours [43]. Only a half-year later, the Blaster worm appeared and infected more than 200,000 computers within a couple of hours on August 11, 2003 [31]. Code Red, Code Red II, Nimda, Slammer, and Blaster have created a new wave of global-scale fast

This note was uploaded on 08/25/2011 for the course EEL 5937 taught by Professor Staff during the Spring '08 term at University of Central Florida.

