cdc - How to 0wn the Internet in Your Spare Time Stuart...

How to 0wn the Internet in Your Spare Time

Stuart Staniford* (Silicon Defense)
Vern Paxson (ICSI Center for Internet Research)
Nicholas Weaver (UC Berkeley)

Abstract

The ability of attackers to rapidly gain control of vast numbers of Internet hosts poses an immense risk to the overall security of the Internet. Once subverted, these hosts can not only be used to launch massive denial of service floods, but also to steal or corrupt great quantities of sensitive information, and confuse and disrupt use of the network in more subtle ways.

We present an analysis of the magnitude of the threat. We begin with a mathematical model derived from empirical data of the spread of Code Red I in July, 2001. We discuss techniques subsequently employed for achieving greater virulence by Code Red II and Nimda. In this context, we develop and evaluate several new, highly virulent possible techniques: hit-list scanning (which creates a Warhol worm), permutation scanning (which enables self-coordinating scanning), and use of Internet-sized hit-lists (which creates a flash worm).

We then turn to the threat of surreptitious worms that spread more slowly but in a much harder to detect “contagion” fashion. We demonstrate that such a worm today could arguably subvert upwards of 10,000,000 Internet hosts. We also consider robust mechanisms by which attackers can control and update deployed worms.

In conclusion, we argue for the pressing need to develop a “Center for Disease Control” analog for virus- and worm-based threats to national cybersecurity, and sketch some of the components that would go into such a Center.

* Research supported by DARPA via contract N66001-00-C-8045
Also with the Lawrence Berkeley National Laboratory, University of California, Berkeley.
Additional support from Xilinx, ST Microsystems, and the California MICRO program

1 Introduction

If you can control a million hosts on the Internet, you can do enormous damage. First, you can launch distributed denial of service (DDOS) attacks so immensely diffuse that mitigating them is well beyond the state-of-the-art for DDOS traceback and protection technologies. Such attacks could readily bring down e-commerce sites, news outlets, command and coordination infrastructure, specific routers, or the root name servers.

Second, you can access any sensitive information present on any of those million machines—passwords, credit card numbers, address books, archived email, patterns of user activity, illicit content—even blindly searching for a “needle in a haystack,” i.e., information that might be on a computer somewhere in the Internet, for which you trawl using a set of content keywords.

Third, not only can you access this information, but you can sow confusion and disruption by corrupting the information, or sending out false or confidential information directly from a user’s desktop.