nanog mailing list archives
Re: Cost of Worm Attack Protection
From: Sean Donelan <sean () donelan com>
Date: Thu, 13 Nov 2003 12:34:44 -0500 (EST)
On Thu, 13 Nov 2003 sgorman1 () gmu edu wrote:
I was hoping to get some estimates from folks on the costs of defending networks from various worm attacks. It is a pretty wide open question, but if anyone has some rough estimates of what it costs per edge, manpower vs. equipment costs, or any combination thereof it would be of great assistance. We are doing some simulations of attack and defense strategies and looking for some good metrics to plug into a cost benefit model. We'd be happy to share the results if anyone is interested as well.
I don't know of any existing worms that attack Cisco or Juniper or other network backbone equipment. For a NSP or ISP, worms are primarly an issue of capacity planning. According to bankruptcy filings, companies such as Worldcom spent billions increasing their backbone capacity throughout the 1990's. So the backbones still have a massive capacity glut. But I don't know if they increased their network capacity due to worms or for other reasons. If the worms don't cause problems for the network provider, what should they do? On the other hand, would it make the problem worse? The US Forest Service used to have a policy of aggressively fighting all forest fires. This resulted in a build-up of fuel load throughout the forest lands, and then massive forest fires. The regular smaller fires served an important purpose in the eco-system, and limited the fuel load. If NSPs aggressively blocked worms, would this result in end-users doing even less than they currently do to keep their systems up to date and protected? Then instead of the occasional 1% to 5% infection rate for worms, would we be faced with a user population with even worse defenses than they have now? You often see this effect in enterprise networks with massive firewalls on the perimeter, and no protection on the inside. When a worm gets past the perimeter firewall, it wrecks havoc on the out-of-date systems in the enterprise.
Current thread:
- Cost of Worm Attack Protection sgorman1 (Nov 13)
- Re: Cost of Worm Attack Protection Joel Jaeggli (Nov 13)
- Re: Cost of Worm Attack Protection Sean Donelan (Nov 13)
- <Possible follow-ups>
- Re: Cost of Worm Attack Protection sgorman1 (Nov 13)
- Re: Cost of Worm Attack Protection Jared Mauch (Nov 13)
- Re: Cost of Worm Attack Protection Valdis . Kletnieks (Nov 13)
- Re: Cost of Worm Attack Protection Tony Rall (Nov 13)
- Re: Cost of Worm Attack Protection Jared Mauch (Nov 13)
- Re: Cost of Worm Attack Protection kgraham (Nov 13)
- FW: Cost of Worm Attack Protection Braun, Mike (Nov 13)
- Re: FW: Cost of Worm Attack Protection Sean Donelan (Nov 13)
- Re: FW: Cost of Worm Attack Protection Rob Thomas (Nov 13)
- Re: FW: Cost of Worm Attack Protection Sean Donelan (Nov 13)
- Re: FW: Cost of Worm Attack Protection kgraham (Nov 13)
- Re: FW: Cost of Worm Attack Protection Alexei Roudnev (Nov 13)