Interesting People mailing list archives
Fwd: [E-INFRA] Colleen Shannon: [Caida] witty worm writeup available
From: Dave Farber <dave () farber net>
Date: Mon, 29 Mar 2004 12:06:27 -0500
Date: Sun, 28 Mar 2004 16:19:45 -0800 From: John Gilmore <gnu () toad com> Subject: [E-INFRA] Colleen Shannon: [Caida] witty worm writeup available Sender: eff-infra-bounces () eff org To: eff-infra () eff org, gnu () toad com CAIDA's analysis of the "Witty" worm from two weeks ago is frightening. It was targeted to hit a particular vendor's firewall product. The worm came out one day after the vulnerability was disclosed and patched. Within 10 seconds it had spread to 110 hosts. Within 45 minutes, it had compromised almost all of the vulnerable machines on the Internet. As a destructive worm, it gradually disabled its hosts (by periodically writing garbage to a random spot on disk). If instead it had been a stealth 'bot', it would now have about 12,000 machines ready to do its creator's bidding -- the entire vulnerable population. (If it had been targeting more numerous Linux, BSD, or Microsoft systems, it would have spread as quickly, or more quickly.) Worms are now able to propagate MUCH faster than humans can react to stop them. They can be released MUCH faster than humans can install patches. In short, the patch-and-pray model can't prevent massive-scale attacks from succeeding (and using the resources of the attacked machines for any other purpose). This worm, along with others, validates the thesis from the seminal 2002 security paper, "How to 0wn the Internet in Your Spare Time" by Stuart Staniford, Vern Paxson, and Nicholas Weaver. For that, see: http://www.icir.org/vern/papers/cdc-usenix-sec02/ This has policy implications at many levels, from software development, to security analysis, to infrastructure defense. John Date: Thu, 25 Mar 2004 15:49:02 -0800 From: Colleen Shannon <cshannon () caida org> To: caida () caida org, Subject: [Caida] witty worm writeup available Hi folks, David and I thought you might be interested in our analysis of the spread of the witty worm. Our writeup is available at: http://www.caida.org/analysis/security/witty/ Please let us know if you have any comments, questions, or other feedback! Thanks, Colleen -- Colleen Shannon CAIDA/SDSC/UCSD - cshannon () caida org ------------------------------------- You are subscribed as interesting-people () lists elistx com To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- Fwd: [E-INFRA] Colleen Shannon: [Caida] witty worm writeup available Dave Farber (Mar 29)