Re: Flash Worms

[Robert Graham <robert_david_graham () yahoo com>]

--- Michal Zalewski <lcamtuf () gis net> wrote:
> On Thu, 16 Aug 2001, Stuart Staniford wrote:
>
> > We argue that a well-prepared and well-designed worm could infect
> all
> > vulnerable Internet servers in less than thirty seconds - something
> we
> > are calling a Flash Worm.
>
> While I'm impressed with publications like this, and I am sure we
> should
> think seriously of scenarios described there, I hardly believe in "30
> seconds" or "15 minutes" or any similar scenario for few reasons...

People often ask me "what motivates people to write worms". The above
discussions highlights one of the prime motivations. In the scientific
community, we don't believe theories and propositions, only
experimental evidence. Therefore, to prove that somebody can take down
the Internet in 30 seconds, you actually have to do it. Otherwise,
nobody really believes you. 

For example, everyone talked about the dangers of DDoS attacks, but
people didn't really pay attention until Yahoo went down.

I agree with Michal -- the Internet is surprisingly non-linear in
behavior. It doesn't mean Stuart's work is wrong, just that we won't
really know for sure until somebody does it.

Ultimately, it isn't the researchers that will get credit for such
things, but the cyberterrorists who actually carry out the attacks
(e.g. Mafiaboy) and prove they work.




__________________________________________________
Do You Yahoo!?
Make international calls for as low as $.04/minute with Yahoo! Messenger
http://phonecard.yahoo.com/

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com