nanog mailing list archives
Worm Bandwidth [was Re: Santa Fe city government computers knocked out by worm]
From: Stuart Staniford <stuart () silicondefense com>
Date: Mon, 24 Nov 2003 16:30:48 -0800
[Sorry for responding to old mail, but I'm catching up] On Sunday, November 16, 2003, at 02:12 PM, Sean Donelan wrote:
I've often tried to explain that ISPs generally view worms as a "capacity planning" issue. Worms change the "eco-system" of the Internet and ISPshave to adapt. But ISPs generally can't "fix" the end-users or their computers.
I'm curious to know if doing this is at all well understood?Those of us doing research on worm spread, I don't think have a completely clear understanding of the interaction of Internet bandwidth and worm spread. Slammer, we are pretty clear became bandwidth limited (the rate of spread slowed down dramatically about 40 seconds into the spread). But we don't really know where those chokepoints live (at the edge, or in the middle).
It would seem for the Internet to reliably resist bandwidth attacks from future worms, it has to be, roughly "bigger in the middle than at the edges". If this is the case, then the worm can choke edges at the sites it infects, but the rest of the net can still function. If it's bigger at the edges than in the middle, you'd expect a big enough worm would be able to choke the core. For a given ISP, you'd want capacity to the upstream to be bigger than the capacity to downstream customers. (It would seem like this would be the reverse of what economics would tend to suggest).
Do we really know much about the capacity of the Internet to carry worm traffic? (We believe Slammer used a peak bandwidth of roughly 200 Gbps).
Stuart. Stuart Staniford, President Tel: 707-840-9611 x 15 Silicon Defense - Worm Containment - http://www.silicondefense.com/ The Worm/Worm Containment FAQ: http://www.networm.org/faq/
Current thread:
- Re: Santa Fe city government computers knocked out by worm, (continued)
- Re: Santa Fe city government computers knocked out by worm Steven M. Bellovin (Nov 17)
- Re: Santa Fe city government computers knocked out by worm Dr. Jeffrey Race (Nov 16)
- Re: Santa Fe city government computers knocked out by worm Alex Yuriev (Nov 17)
- Re: Santa Fe city government computers knocked out by worm Valdis . Kletnieks (Nov 17)
- Re: Santa Fe city government computers knocked out by worm Alex Yuriev (Nov 17)
- Re: Santa Fe city government computers knocked out by worm Scott Francis (Nov 17)
- Re: Santa Fe city government computers knocked out by worm Alex Yuriev (Nov 17)
- Re: Santa Fe city government computers knocked out by worm Scott Francis (Nov 17)
- Re: Santa Fe city government computers knocked out by worm Alex Yuriev (Nov 17)
- Re: Santa Fe city government computers knocked out by worm kenw (Nov 17)
- Worm Bandwidth [was Re: Santa Fe city government computers knocked out by worm] Stuart Staniford (Nov 24)
- Worm Bandwidth [was Re: Santa Fe city government computers knocked out by worm] jmalcolm (Nov 24)
- Re: Worm Bandwidth [was Re: Santa Fe city government computers knocked out by worm] Stuart Staniford (Nov 24)
- Re: Worm Bandwidth [was Re: Santa Fe city government computers knocked out by worm] jmalcolm (Nov 24)
- Re: Worm Bandwidth [was Re: Santa Fe city government computers knocked out by worm] Sean Donelan (Nov 24)
- Re: Worm Bandwidth [was Re: Santa Fe city government computers knocked out by worm] Stuart Staniford (Nov 24)
- Re: Worm Bandwidth [was Re: Santa Fe city government computers knocked out by worm] Rob Thomas (Nov 24)
- Re: Worm Bandwidth [was Re: Santa Fe city government computers knocked out by worm] Sean Donelan (Nov 25)
- Re: Worm Bandwidth [was Re: Santa Fe city government computers knocked out by worm] Rob Thomas (Nov 25)