1 how to 0wn the internet in your spare time authors: stuart staniford, vern paxson, nicholas weaver...
TRANSCRIPT
1
How to 0wn the Internet in
Your Spare Time
Authors: Stuart Staniford, Vern Paxson, Nicholas Weaver
Publication: Usenix Security Symposium, 2002
Presenter: Melvin Rodriguez for CAP 6133, Spring’08
2
How to 0wn the Internet in Your Spare Time
Thread Launch DDOS (Distributed Denial of
Service) Access Sensitive / Restrictive Information Corrupt information’s Integrity Level
Can Cause Significant Damage
3
How to 0wn the Internet in Your Spare Time
Worms Programs that self replicate exploiting
systems flaws Propagate quickly Hard to detect (initially) Constantly Improving
Can Spread Fast
4
How to 0wn the Internet in Your Spare Time
Propagation Techniques Used Hit-list scanning
Faster propagation Permutation scanning Distributed coordination of a worm
Internet scale hit-lists Targeting Internet enable devices
Topology Aware Uses victims information
Flash Worm Quick and Concentrated
The Name of the Game is : The Faster the Better
5
Significant Worms Attacks Code Red I
MS IIS vulnerability Spread by launching threads of random IP
addresses Random generator used fixed seed IP address
Code Red I version 2 Same code as Code Red I Fixed random generator Added a direct DDoS
How to 0wn the Internet in Your Spare Time
Constantly Evolving: New Improved Versions
6
Significant Worms Attacks Code Red II
Different code from previous Code Reds Use same vulnerability previously used Installed a root backdoor Infected local machines
How to 0wn the Internet in Your Spare Time
Use of Different Techniques
7
Significant Worms Attacks Nimda
Five different techniques- Probe- Copy - Email- Append Web code - Use backdoors
How to 0wn the Internet in Your Spare Time
Combination of different techniques: Multi-vector Approach
8
Significant Worms Attacks Nimda
Infection
How to 0wn the Internet in Your Spare Time
9
Significant Worms Attacks Nimda
Very successful propagation rate Unknown signature Firewalls allow email flow
Complete functionality is still Unknown
How to 0wn the Internet in Your Spare Time
More Research is Needed
10
How to 0wn the Internet in Your Spare Time
Other Advance Worm Characteristics / Features Updates and Controls
Direct Worm-to-Worm Communication Programmable Remote Updates Remote Control
Modification after Infection
11
How to 0wn the Internet in Your Spare Time
Other Advance Worm Characteristics / Features Stealth contagion
Slow spread Non predetermined pattern Effectiveness depends on various factors
On targets specific traffic using common traffic patterns
Exploit peer-to-peer (P2P) systems flaws Size of targeted network Remote Usage
Slow propagation - Undetected Infection
12
How to 0wn the Internet in Your Spare Time
High Level Cyber Center of Disease Control Concept Mission
Monitor progression Identify threats Foster research
Main Roles Identifying outbreaks Rapidly analyzing pathogens Fighting infections Anticipating new vectors Proactively devising detectors for new vectors Resisting future threats
13
How to 0wn the Internet in Your Spare Time
Summary Worms are a threat affecting all levels of internet
security They are constantly evolving and improving Worms combine several techniques to avoid detection
and increase infections effectiveness Conclusion
More research is needed Need for a centralized organization to bind and
establish collaboration efforts at all Industry levels Worms can cause a significant level of damage /
disruption of Internet services and lost of revenue
14
How to 0wn the Internet in Your Spare Time
Contributions Explained the Threat and How Dangerous Presented techniques used for infecting
systems Discussed known worms attacks Overview of techniques used Discussed main characteristics and features An high level overview of a centralized Cyber
Center of Disease Control mission and roles
15
How to 0wn the Internet in Your Spare Time
Weaknesses Title is misleading
Points towards ‘how to’ approach No enough explanation on statistics
No proven hypothesis Material is not easy to follow
Better presentation of material Hypothesis without actual data to support
Use of possible scenarios without real data CCDC deployment idea not fully developed
Open items for further discussion
16
How to 0wn the Internet in Your Spare Time
How to Improve Updating the title Expand on CDC concept
Present how it would operate Organization and cooperation with other
Agencies NSA, USCERT, Military, Commercial, etc
Additional analysis and description of Worms Rearrange the material sequence Re-group topics Depict International deployment / cooperation