Full Disclosure mailing list archives

Re: Its time to get serious about Storm Worm / RBN


From: coderman <coderman () gmail com>
Date: Wed, 19 Mar 2008 12:37:23 -0700

On Wed, Mar 19, 2008 at 5:49 AM, mcwidget <mcwidget () gmail com> wrote:
...
> Ain't that the whole problem with Storm tho?  The lack of CC boxes?  Without
> that target, how do you effectively shut down something like this?

the target is the distributed hash table routing metric used for
decentralized C&C.  kademlia, chord, and DHTs in general are fragile;
they trade efficiency for resilience against a coordinated attacker,
presuming the redundancy adequate for random (read: not intentional)
failure is sufficient.

if you want to take down storm, take down the C&C.  it will cost you
$100/mo for a dedicated server with modest bandwidth.  implementing the
attack is left as an exercise for the reader...

:P

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

