[IP] Fwd: [E-INFRA] Colleen Shannon: [Caida] witty worm writeup available
Date: Sun, 28 Mar 2004 16:19:45 -0800
From: John Gilmore <gnu@xxxxxxxx>
Subject: [E-INFRA] Colleen Shannon: [Caida] witty worm writeup available
Sender: eff-infra-bounces@xxxxxxx
To: eff-infra@xxxxxxx, gnu@xxxxxxxx
CAIDA's analysis of the "Witty" worm from two weeks ago is
frightening. It was targeted to hit a particular vendor's firewall
product. The worm came out one day after the vulnerability was
disclosed and patched. Within 10 seconds it had spread to 110 hosts.
Within 45 minutes, it had compromised almost all of the vulnerable
machines on the Internet. As a destructive worm, it gradually
disabled its hosts (by periodically writing garbage to a random spot
on disk). If instead it had been a stealth 'bot', it would now have
about 12,000 machines ready to do its creator's bidding -- the entire
vulnerable population.
(If it had been targeting more numerous Linux, BSD, or Microsoft
systems, it would have spread as quickly, or more quickly.)
Worms are now able to propagate MUCH faster than humans can react to
stop them. They can be released MUCH faster than humans can install
patches. In short, the patch-and-pray model can't prevent
massive-scale attacks from succeeding (and using the resources of the
attacked machines for any other purpose).
This worm, along with others, validates the thesis from the seminal
2002 security paper, "How to 0wn the Internet in Your Spare Time" by
Stuart Staniford, Vern Paxson, and Nicholas Weaver. For that, see:
http://www.icir.org/vern/papers/cdc-usenix-sec02/
This has policy implications at many levels, from software development,
to security analysis, to infrastructure defense.
John
Date: Thu, 25 Mar 2004 15:49:02 -0800
From: Colleen Shannon <cshannon@xxxxxxxxx>
To: caida@xxxxxxxxx,
Subject: [Caida] witty worm writeup available
Hi folks,
David and I thought you might be interested in our analysis of the
spread of the witty worm. Our writeup is available at:
http://www.caida.org/analysis/security/witty/
Please let us know if you have any comments, questions, or other
feedback!
Thanks,
Colleen
--
Colleen Shannon
CAIDA/SDSC/UCSD - cshannon@xxxxxxxxx
-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/