An in-depth exploration of worm attacks in cyberspace, their propagation techniques, impact on internet security, and the need for a central cyber defense organization. Suggestions for improvement and future research areas.
How to 0wn the Internet in Your Spare Time
Authors: Stuart Staniford, Vern Paxson, Nicholas Weaver
Publication: USENIX Security Symposium, 2002
Presenter: Melvin Rodriguez for CAP 6133, Spring ’08
Threat
• Launch DDoS (Distributed Denial of Service)
• Access sensitive / restricted information
• Corrupt information’s integrity level
Can Cause Significant Damage
Worms
• Programs that self-replicate by exploiting system flaws
• Propagate quickly
• Hard to detect (initially)
• Constantly improving
Can Spread Fast
Propagation Techniques Used
• Hit-list scanning
  • Faster propagation
• Permutation scanning
  • Distributed coordination of a worm
• Internet-scale hit-lists
  • Targeting Internet-enabled devices
• Topology-aware
  • Uses the victims’ information
• Flash worm
  • Quick and concentrated
The Name of the Game is: The Faster the Better
Significant Worm Attacks
• Code Red I
  • MS IIS vulnerability
  • Spread by launching threads that probed random IP addresses
  • Random number generator used a fixed seed
• Code Red I version 2
  • Same code as Code Red I
  • Fixed the random number generator
  • Added a direct DDoS
Constantly Evolving: New Improved Versions
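The two slides above (propagation techniques, and the Code Red I fixed-seed defect) both come down to how many distinct addresses the infected population covers per unit time. As an added illustration that is not part of the presentation or of the paper, the following Python model compares three strategies in a small constructed address space: every instance replaying one fixed-seed probe sequence from the start (which is what a static PRNG seed causes, so all copies scan the same list and the population behaves like a single scanner), independent random scanning, and a hit-list start. It only counts infections in an abstract model; the address-space size, vulnerable count, probe rate and hit-list size are all constructed, and the point for a defender is the width of the response window each strategy leaves.

```python
"""Toy model of worm propagation speed under different scanning strategies.

Added example: it only counts infections in an abstract address space and
contains no exploit or network code. All parameters are constructed.
"""
import random

ADDRESS_SPACE = 1 << 16    # constructed: a /16-sized space stands in for IPv4
VULNERABLE = 2000          # constructed: number of exploitable hosts
PROBES_PER_TICK = 5        # constructed: probes one infected host sends per tick


def simulate(strategy, seed=1, hitlist_size=100, max_ticks=3000, target=0.9):
    """Return the tick at which `target` of the vulnerable hosts are infected,
    or None if that never happens within `max_ticks`.

    strategy:
      "shared_seed" - every instance replays the same probe sequence from the
                      start, as a scanner with a fixed PRNG seed does
      "independent" - every instance draws its own random addresses
      "hitlist"     - `hitlist_size` known-vulnerable hosts are infected at
                      tick 0, then independent random scanning
    """
    rng = random.Random(seed)
    vulnerable = set(rng.sample(range(ADDRESS_SPACE), VULNERABLE))
    # one global probe sequence, consumed only by the shared_seed strategy
    shared = [rng.randrange(ADDRESS_SPACE)
              for _ in range(max_ticks * PROBES_PER_TICK)]

    infected = set()
    state = {}  # host -> position in `shared`, or a private RNG

    def infect(host):
        infected.add(host)
        state[host] = (0 if strategy == "shared_seed"
                       else random.Random(rng.getrandbits(64)))

    ordered = sorted(vulnerable)
    rng.shuffle(ordered)
    infect(ordered[0])                        # patient zero
    if strategy == "hitlist":
        for host in ordered[1:hitlist_size]:  # pre-identified vulnerable hosts
            infect(host)

    goal = target * VULNERABLE
    for tick in range(1, max_ticks + 1):
        newly = []
        for host in list(infected):
            if strategy == "shared_seed":
                pos = state[host]
                probes = shared[pos:pos + PROBES_PER_TICK]
                state[host] = pos + PROBES_PER_TICK
            else:
                probes = [state[host].randrange(ADDRESS_SPACE)
                          for _ in range(PROBES_PER_TICK)]
            for addr in probes:
                if addr in vulnerable and addr not in infected:
                    newly.append(addr)
        for host in newly:          # new instances start probing next tick
            if host not in infected:
                infect(host)
        if len(infected) >= goal:
            return tick
    return None


if __name__ == "__main__":
    for name in ("shared_seed", "independent", "hitlist"):
        print(f"{name:12s} ticks to 90% of vulnerable hosts: {simulate(name)}")
```

With these constructed parameters the shared-seed population never reaches 90% coverage within the run, because only the oldest instance ever extends the set of probed addresses; independent scanning saturates in on the order of a hundred ticks, and the hit-list start removes most of the slow initial phase, which is the window in which a defender has the best chance of noticing the outbreak.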
Significant Worm Attacks
• Code Red II
  • Different code from the previous Code Reds
  • Used the same vulnerability as before
  • Installed a root backdoor
  • Infected local machines
Use of Different Techniques
Significant Worm Attacks
• Nimda
  • Five different techniques
    • Probe
    • Copy
    • Email
    • Append web code
    • Use backdoors
Combination of different techniques: Multi-vector Approach
Significant Worm Attacks
• Nimda infection
Significant Worm Attacks
• Nimda
  • Very successful propagation rate
  • Unknown signature
  • Firewalls allow email flow
  • Complete functionality is still unknown
More Research is Needed
Other Advanced Worm Characteristics / Features
• Updates and controls
  • Direct worm-to-worm communication
  • Programmable remote updates
  • Remote control modification after infection
Other Advanced Worm Characteristics / Features
• Stealth contagion
  • Slow spread
  • Non-predetermined pattern
  • Effectiveness depends on various factors
    • Targets specific traffic using common traffic patterns
    • Exploits peer-to-peer (P2P) system flaws
    • Size of the targeted network
    • Remote usage
Slow Propagation: Undetected Infection
High-Level Cyber Center of Disease Control Concept
• Mission
  • Monitor progression
  • Identify threats
  • Foster research
• Main roles
  • Identifying outbreaks
  • Rapidly analyzing pathogens
  • Fighting infections
  • Anticipating new vectors
  • Proactively devising detectors for new vectors
  • Resisting future threats
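One concrete form of the "identifying outbreaks" and "devising detectors" roles listed above, as an added example that is not part of the presentation or of the paper: a fan-out detector over flow records that flags a source contacting many distinct destinations on one port within a sliding window. That is the network footprint of a random-scanning worm and requires no payload signature, which matters for a worm like Nimda whose signature was unknown. The flow records, addresses, window and threshold are all constructed; the slow scanner in the data shows the stealth-contagion caveat from the earlier slide, since a short window misses it and only a much longer window catches it.

```python
"""Fan-out detector for random-scanning worm behaviour over flow records.

Added example with constructed data: flags a source that contacts many
distinct destinations on one port inside a sliding time window, the network
footprint of a random-scanning worm, without needing a payload signature.
"""
from collections import defaultdict, deque


def detect_fanout(flows, window=60, threshold=20):
    """Return {src: (dport, max_distinct_dsts)} for every source whose number
    of distinct destinations on a single port within `window` seconds reached
    `threshold`. `flows` is an iterable of (timestamp, src, dst, dport)."""
    recent = defaultdict(deque)   # (src, dport) -> deque of (ts, dst), time-ordered
    alerts = {}
    for ts, src, dst, dport in sorted(flows):
        q = recent[(src, dport)]
        q.append((ts, dst))
        while q[0][0] < ts - window:   # drop records that fell out of the window
            q.popleft()
        distinct = len({d for _, d in q})
        if distinct >= threshold and distinct > alerts.get(src, (None, 0))[1]:
            alerts[src] = (dport, distinct)
    return alerts


# Constructed flow records: (timestamp_seconds, src, dst, dport)
FLOWS = []
# a fast scanner: 40 distinct hosts on port 80, one per second
FLOWS += [(t, "10.0.0.5", f"10.0.1.{t + 1}", 80) for t in range(40)]
# a busy but benign client: 100 connections to a single web server
FLOWS += [(t, "10.0.0.7", "10.0.2.10", 80) for t in range(100)]
# a slow scanner: 40 distinct hosts on port 80, one every 30 seconds
FLOWS += [(1000 + 30 * i, "10.0.0.9", f"10.0.3.{i + 1}", 80) for i in range(40)]


if __name__ == "__main__":
    print("60 s window:", detect_fanout(FLOWS))
    print("1 h window: ", detect_fanout(FLOWS, window=3600))
```

With the 60-second window only the fast scanner is reported (40 distinct destinations on port 80); the benign client never exceeds one destination, and the slow scanner shows at most three distinct destinations per window. Widening the window to an hour catches the slow scanner too, at the cost of more state per source, which is the usual trade-off a slow-spreading worm forces on a detector.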
Summary
• Worms are a threat affecting all levels of Internet security
• They are constantly evolving and improving
• Worms combine several techniques to avoid detection and increase infection effectiveness
Conclusion
• More research is needed
• Need for a centralized organization to bind and establish collaboration efforts at all industry levels
• Worms can cause a significant level of damage / disruption of Internet services and loss of revenue
Contributions
• Explained the threat and how dangerous it is
• Presented techniques used for infecting systems
• Discussed known worm attacks
  • Overview of techniques used
• Discussed main characteristics and features
• A high-level overview of a centralized Cyber Center of Disease Control’s mission and roles
Weaknesses
• Title is misleading
  • Points towards a ‘how to’ approach
• Not enough explanation of the statistics
  • No proven hypothesis
• Material is not easy to follow
  • Better presentation of material is needed
• Hypotheses without actual data to support them
  • Use of possible scenarios without real data
• CCDC deployment idea not fully developed
  • Open items for further discussion
How to Improve
• Update the title
• Expand on the CDC concept
  • Present how it would operate
  • Organization and cooperation with other agencies
    • NSA, US-CERT, military, commercial, etc.
• Additional analysis and description of worms
• Rearrange the material sequence
  • Re-group topics
• Depict international deployment / cooperation