How to 0wn the Internet in Your Spare Time

Authors: Stuart Staniford, Vern Paxson, Nicholas Weaver

Publication: Usenix Security Symposium, 2002

Presenter: Melvin Rodriguez for CAP 6133, Spring’08

Post on 12-Jan-2016


Threat

- Launch DDoS (Distributed Denial of Service)
- Access sensitive / restricted information
- Corrupt information’s integrity level

Can Cause Significant Damage

Worms

- Programs that self-replicate by exploiting system flaws
- Propagate quickly
- Hard to detect (initially)
- Constantly improving

Can Spread Fast

Propagation Techniques Used

- Hit-list scanning
  - Faster propagation
- Permutation scanning
  - Distributed coordination of a worm
- Internet-scale hit-lists
  - Targeting Internet-enabled devices
- Topology aware
  - Uses victim’s information
- Flash worm
  - Quick and concentrated

The Name of the Game Is: The Faster the Better

Significant Worm Attacks

- Code Red I
  - MS IIS vulnerability
  - Spread by launching threads of random IP addresses
  - Random generator used fixed seed IP address
- Code Red I version 2
  - Same code as Code Red I
  - Fixed random generator
  - Added a direct DDoS

Constantly Evolving: New Improved Versions

Significant Worm Attacks

- Code Red II
  - Different code from previous Code Reds
  - Uses the same vulnerability previously used
  - Installed a root backdoor
  - Infected local machines

Use of Different Techniques

Significant Worm Attacks

- Nimda
  - Five different techniques
    - Probe
    - Copy
    - Email
    - Append Web code
    - Use backdoors

Combination of different techniques: Multi-vector Approach

Significant Worm Attacks

- Nimda
  - Infection

Significant Worm Attacks

- Nimda
  - Very successful propagation rate
  - Unknown signature
  - Firewalls allow email flow
  - Complete functionality is still unknown

More Research is Needed

Other Advanced Worm Characteristics / Features

- Updates and Controls
  - Direct worm-to-worm communication
  - Programmable remote updates
  - Remote control

Modification after Infection

Other Advanced Worm Characteristics / Features

- Stealth contagion
  - Slow spread
  - Non-predetermined pattern
  - Effectiveness depends on various factors
  - On targets specific traffic using common traffic patterns
  - Exploit peer-to-peer (P2P) systems flaws
  - Size of targeted network
  - Remote usage

Slow propagation - Undetected Infection

High-Level Cyber Center of Disease Control Concept

- Mission
  - Monitor progression
  - Identify threats
  - Foster research
- Main Roles
  - Identifying outbreaks
  - Rapidly analyzing pathogens
  - Fighting infections
  - Anticipating new vectors
  - Proactively devising detectors for new vectors
  - Resisting future threats

Summary

- Worms are a threat affecting all levels of Internet security
- They are constantly evolving and improving
- Worms combine several techniques to avoid detection and increase infection effectiveness

Conclusion

- More research is needed
- Need for a centralized organization to bind and establish collaboration efforts at all industry levels
- Worms can cause a significant level of damage / disruption of Internet services and loss of revenue

Contributions

- Explained the threat and how dangerous it is
- Presented techniques used for infecting systems
- Discussed known worm attacks
- Overview of techniques used
- Discussed main characteristics and features
- A high-level overview of a centralized Cyber Center of Disease Control mission and roles

Weaknesses

- Title is misleading
  - Points towards ‘how to’ approach
- Not enough explanation on statistics
  - No proven hypothesis
- Material is not easy to follow
  - Better presentation of material
- Hypothesis without actual data to support
  - Use of possible scenarios without real data
- CCDC deployment idea not fully developed
  - Open items for further discussion

How to Improve

- Updating the title
- Expand on CDC concept
  - Present how it would operate
  - Organization and cooperation with other agencies
    - NSA, USCERT, Military, Commercial, etc.
- Additional analysis and description of worms
- Rearrange the material sequence
  - Re-group topics
- Depict international deployment / cooperation