How to 0wn the Internet in Your Spare Time
Authors: Stuart Staniford, Vern Paxson, Nicholas Weaver
Publication: Usenix Security Symposium, 2002

Presentation transcript:

Slide 1: How to 0wn the Internet in Your Spare Time
Authors: Stuart Staniford, Vern Paxson, Nicholas Weaver
Publication: Usenix Security Symposium, 2002
Presenter: Melvin Rodriguez for CAP 6133, Spring '08

Slide 2: Threat
- Launch DDoS (Distributed Denial of Service)
- Access Sensitive / Restrictive Information
- Corrupt information's integrity level
Can Cause Significant Damage

Slide 3: Worms
- Programs that self-replicate by exploiting system flaws
- Propagate quickly
- Hard to detect (initially)
- Constantly improving
Can Spread Fast

Slide 4: Propagation Techniques Used
- Hit-list scanning
  - Faster propagation
- Permutation scanning
  - Distributed coordination of a worm
- Internet-scale hit-lists
  - Targeting Internet-enabled devices
- Topology aware
  - Uses victim's information
- Flash worm
  - Quick and concentrated
The Name of the Game is: The Faster the Better

Slide 5: Significant Worm Attacks
Code Red I
- MS IIS vulnerability
- Spread by launching threads of random IP addresses
- Random generator used fixed seed IP address
Code Red I version 2
- Same code as Code Red I
- Fixed random generator
- Added a direct DDoS
Constantly Evolving: New Improved Versions
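Why the fixed seed on the Code Red I slide mattered, as an added simulation that is not from the slides or from the paper: in a constructed toy address space (every size, rate and seed value is an assumption), hosts that all seed their generator with the same constant replay one identical target sequence, so the set of probed addresses never grows beyond what a single host would cover.

```python
import random

# Constructed toy model: integers stand in for addresses; every size, rate
# and seed value below is an assumption chosen for illustration.
SPACE = 65536       # size of the toy address space
VULNERABLE = 2000   # hosts in that space that can be infected
RATE = 20           # probes per infected host per tick
TICKS = 30
FIXED_SEED = 1234   # arbitrary constant standing in for the static seed


def simulate(fixed_seed):
    """Return (infected count after each tick, set of addresses probed)."""
    vulnerable = set(random.Random(1).sample(range(SPACE), VULNERABLE))
    first = min(vulnerable)

    def new_generator(addr):
        # Fixed seed: every host replays one identical target sequence.
        # Per-host seed: each host walks its own sequence.
        return random.Random(FIXED_SEED if fixed_seed else addr)

    generators = {first: new_generator(first)}
    probed, history = set(), []
    for _ in range(TICKS):
        newly = set()
        for rng in list(generators.values()):
            for _ in range(RATE):
                target = rng.randrange(SPACE)
                probed.add(target)
                if target in vulnerable and target not in generators:
                    newly.add(target)
        for addr in newly:          # new hosts start scanning next tick
            generators[addr] = new_generator(addr)
        history.append(len(generators))
    return history, probed


def compare():
    fixed_hist, fixed_probed = simulate(fixed_seed=True)
    host_hist, host_probed = simulate(fixed_seed=False)
    return {
        "fixed_infected": fixed_hist[-1],
        "fixed_distinct_probed": len(fixed_probed),
        "perhost_infected": host_hist[-1],
        "perhost_distinct_probed": len(host_probed),
    }


if __name__ == "__main__":
    print(compare())
```

For a monitor, the fixed-seed case shows up as many sources probing the same short list of addresses in the same order, while the per-host case spreads probes across the whole space.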

Slide 6: Significant Worm Attacks
Code Red II
- Different code from previous Code Reds
- Uses the same vulnerability previously used
- Installed a root backdoor
- Infected local machines
Use of Different Techniques

Slide 7: Significant Worm Attacks
Nimda
- Five different techniques
  - Probe
  - Copy
  -
  - Append Web code
  - Use backdoors
Combination of different techniques: Multi-vector Approach

Slide 8: Significant Worm Attacks
Nimda Infection

Slide 9: Significant Worm Attacks
Nimda
- Very successful propagation rate
  - Unknown signature
  - Firewalls allow flow
- Complete functionality is still unknown
More Research is Needed

Slide 10: Other Advanced Worm Characteristics / Features
- Updates and Controls
- Direct Worm-to-Worm Communication
- Programmable Remote Updates
- Remote Control
Modification after Infection

Slide 11: Other Advanced Worm Characteristics / Features
- Stealth contagion
- Slow spread
- Non-predetermined pattern
- Effectiveness depends on various factors
  - On targets specific traffic using common traffic patterns
  - Exploit peer-to-peer (P2P) system flaws
  - Size of targeted network
  - Remote usage
Slow propagation - Undetected Infection

Slide 12: High Level Cyber Center of Disease Control Concept
Mission
- Monitor progression
- Identify threats
- Foster research
Main Roles
- Identifying outbreaks
- Rapidly analyzing pathogens
- Fighting infections
- Anticipating new vectors
- Proactively devising detectors for new vectors
- Resisting future threats

Slide 13: Summary and Conclusion
Summary
- Worms are a threat affecting all levels of Internet security
- They are constantly evolving and improving
- Worms combine several techniques to avoid detection and increase infection effectiveness
Conclusion
- More research is needed
- Need for a centralized organization to bind and establish collaboration efforts at all industry levels
- Worms can cause a significant level of damage / disruption of Internet services and loss of revenue

Slide 14: Contributions
- Explained the threat and how dangerous it is
- Presented techniques used for infecting systems
- Discussed known worm attacks
- Overview of techniques used
- Discussed main characteristics and features
- A high-level overview of a centralized Cyber Center of Disease Control mission and roles

Slide 15: Weaknesses
- Title is misleading
- Points towards 'how to' approach
- Not enough explanation on statistics
- No proven hypothesis
- Material is not easy to follow
- Better presentation of material
- Hypothesis without actual data to support
- Use of possible scenarios without real data
- CCDC deployment idea not fully developed
- Open items for further discussion

Slide 16: How to Improve
- Updating the title
- Expand on CDC concept
- Present how it would operate
- Organization and cooperation with other agencies
  - NSA, USCERT, Military, Commercial, etc.
- Additional analysis and description of worms
- Rearrange the material sequence
- Re-group topics
- Depict international deployment / cooperation