Security Incidents mailing list archives
Re: Flash Worms
From: Jose Nazario <jose () biocserver BIOC cwru edu>
Date: Sun, 19 Aug 2001 19:20:15 -0400 (EDT)
On Fri, 17 Aug 2001, Robert Graham wrote:
People often ask me "what motivates people to write worms". The above discussions highlight one of the prime motivations. In the scientific community, we don't believe theories and propositions, only experimental evidence. Therefore, to prove that somebody can take down the Internet in 30 seconds, you actually have to do it. Otherwise, nobody really believes you.
robert's almost right. (1) the scientific community doesn't necessarily discard something without experimental evidence, but instead accepts well reasoned and founded arguments. example: einstein's theory of relativity, which took decades to gain experimental evidence (and we're still finding some), but was accepted much earlier due to the clean, solid reasoning behind it.

i'm really sorry to see these two discussions gaining such blind acceptance. it strikes me as obvious that for both the warhol worm and the flash worm that people don't understand basic elements of dynamics, such as kinetic theory, which includes things like encounter theory and propagation. if such analysis were included, done, or even simply understood, i think that this whole discussion would have been seen as obviously lacking in technical merit, and ripe in hyperbole.

in a nutshell, think sigmoidal growth patterns, not exponential.

that's not to say that there can be an architecture for fast spread, but neither the warhol worm nor the flash worm seem to be adopting it. as such, i don't see the need for experimental demonstration of this, only a more sound backing of the theory with some mathematical workings. sure, we can all assume infinitely fast transfer rates, sub-second exploitation/control gain, and infinitely fast pipes, but even then 15 minutes is not going to plausibly happen.

i've started working on framing kinetic theory for the information scientist to discuss worms specifically. in the meantime, those who wish to seriously analyze these offerings in the flash worms and the warhol worm scenarios, please read this excellent paper by the IBM antivirus research team:

http://www.research.ibm.com/antivirus/SciPapers/Kephart/ALIFE3/alife3.html

notes:

1. i'm a scientist, specifically a biochemist. i live in the scientific community, so .. that's my perspective. i don't speak for all, only offering a perspective here that seems to be lost.
____________________________
jose nazario jose () cwru edu
PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
PGP key ID 0xFD37F4E5 (pgp.mit.edu)
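An added illustration, not part of the message above: the "sigmoidal, not exponential" point worked through with the simple epidemic (logistic) model dI/dt = beta * I * (1 - I/N). The population size N, the single seed host and the contact rate beta are constructed values, and time is in arbitrary units.

```python
import math

# Constructed parameters (assumptions, not taken from the message):
N = 100_000    # vulnerable population
I0 = 1         # initially infected hosts
BETA = 1.0     # successful contacts per infected host per unit time


def exponential(t, i0=I0, beta=BETA):
    """Unbounded model: every contact always lands on a fresh victim."""
    return i0 * math.exp(beta * t)


def logistic(t, i0=I0, beta=BETA, n=N):
    """Closed-form solution of dI/dt = beta * I * (1 - I/n).

    The (1 - I/n) factor is the encounter term: a contact only counts
    if it reaches a host that is not already infected."""
    return n / (1.0 + (n / i0 - 1.0) * math.exp(-beta * t))


def time_to_fraction(frac, model, i0=I0, beta=BETA, n=N):
    """Time at which `model` predicts frac * n infected hosts."""
    if not 0.0 < frac < 1.0:
        raise ValueError("frac must be strictly between 0 and 1")
    if model == "exponential":
        return math.log(frac * n / i0) / beta
    if model == "logistic":
        # Invert the closed form: e^(beta*t) = (n/i0 - 1) * frac / (1 - frac)
        return math.log((n / i0 - 1.0) * frac / (1.0 - frac)) / beta
    raise ValueError("unknown model: " + model)


def comparison(fractions=(0.5, 0.9, 0.99, 0.999)):
    """Rows of (fraction, t_exponential, t_logistic)."""
    return [(f, time_to_fraction(f, "exponential"),
             time_to_fraction(f, "logistic")) for f in fractions]


if __name__ == "__main__":
    print("fraction  t_exponential  t_logistic")
    for frac, t_exp, t_log in comparison():
        print(f"{frac:8.3f}  {t_exp:13.2f}  {t_log:10.2f}")
```

With these values the two models stay close until roughly half the population is infected; after that the logistic curve flattens, and the time to reach the last few percent grows without bound while the exponential estimate barely moves.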