  San Diego Professional Chapter Association for Computing Machinery

Past Meeting - April 22, 2004

Security without Firewalls: Myths and Practical Reality of Effective Security

Summary

David gave a fascinating introduction to the art of tracking the progress of worm infestations on the Internet. He explained CAIDA's Internet telescope and how it collects data on worm activity. He showed us how analysis of the data can show how fast a worm is spreading and give other insights into worm gang behavior. His animations of the world-wide spread of the Code Red worm and two others were horrifying -- one worm nailed the entire Internet in less than 10 seconds! He also introduced the idea of boutique worms -- worms targeted at particular software installations that aren't commonly found on the Internet, but make high-value targets nevertheless. The take-home message was that worms can spread far more quickly than we can stop them, and their payloads are becoming far more malicious than we've seen so far. CAIDA has numerous papers on these topics, and we're invited to take a look: www.caida.org. Thanks to David for his great presentation and for fielding questions and discussion for so long after the meeting ended!

Abstract

Network telescopes provide the unique ability to see large-scale globally-dispersed network security events, such as denial-of-service attacks and the spread of Internet worms. A network telescope is a portion of routed IP address space with little or no legitimate traffic. By monitoring unexpected traffic arriving at a telescope, we can determine remote victims of DoS or hosts infected by a worm. More than 100 distributed denial-of-service attacks are occurring on average every minute of every day. Highly infectious Internet worms have become prevalent: in August 2001, CodeRed infected 360,000 machines in 10 hours.

In January 2003, Sapphire/SQL Slammer infected over 75,000 machines in ten minutes. This talk covers trends in DoS attacks and victims over the past 2 years, as well as the spread dynamics of the Code-Red, CodeRedII, SQL Slammer/Sapphire and Witty worms.
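The inference the abstract describes, as an added example that is not from the talk or from CAIDA: replies arriving at the telescope (backscatter) point to a DoS victim, while unsolicited probes point to a scanning, likely infected, host. The /8 telescope size, the record layout, the sample addresses and the uniform-spoofing assumption are all constructed for illustration; ICMP is ignored and every UDP packet is treated as a probe.

```python
import ipaddress
from collections import Counter, defaultdict

# Assumption: a /8 telescope (size not given on the page); 10.0.0.0/8 stands in.
TELESCOPE = ipaddress.ip_network("10.0.0.0/8")
SCALE = 2**32 // TELESCOPE.num_addresses  # telescope sees 1/SCALE of IPv4 space

# Constructed records: (src, dst, proto, tcp_flags, dst_port)
PACKETS = [
    ("203.0.113.5", "10.1.2.3", "tcp", "SA", 40321),   # SYN-ACK reply
    ("203.0.113.5", "10.200.9.8", "tcp", "SA", 51512),
    ("203.0.113.5", "10.77.0.1", "tcp", "R", 1025),    # RST reply
    ("198.51.100.7", "10.4.4.4", "udp", None, 1434),   # unsolicited UDP probe
    ("198.51.100.7", "10.9.1.250", "udp", None, 1434),
    ("198.51.100.99", "10.30.2.2", "tcp", "S", 80),    # unsolicited SYN
    ("192.0.2.1", "172.16.0.1", "tcp", "S", 80),       # outside the telescope
]

REPLY_FLAGS = {"SA", "R", "RA"}  # what a victim sends back to a spoofed source

def classify(pkt):
    """Label one packet: 'backscatter', 'scan', 'other', or None if not ours."""
    src, dst, proto, flags, dport = pkt
    if ipaddress.ip_address(dst) not in TELESCOPE:
        return None
    if proto == "tcp" and flags in REPLY_FLAGS:
        return "backscatter"      # src is a DoS victim answering spoofed packets
    if (proto == "tcp" and flags == "S") or proto == "udp":
        return "scan"             # src is probing at random: likely infected
    return "other"

def summarize(packets):
    """Return per-victim backscatter estimates and per-scanner target counts."""
    seen = Counter()
    targets = defaultdict(set)
    for pkt in packets:
        kind = classify(pkt)
        if kind == "backscatter":
            seen[pkt[0]] += 1
        elif kind == "scan":
            targets[pkt[0]].add(pkt[1])
    # Uniformly random spoofing assumed: scale observed replies to the whole space.
    victims = {ip: n * SCALE for ip, n in seen.items()}
    scanners = {ip: len(dsts) for ip, dsts in targets.items()}
    return {"victims": victims, "scanners": scanners}

if __name__ == "__main__":
    print(summarize(PACKETS))
```

The per-victim figure estimates how many replies the victim sent in total, which is a lower bound on the attack packets it received.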

Presenter Bio

David Moore is a popular speaker and researcher with expertise in Internet measurement and network security. He is a principal investigator and assistant director of the Cooperative Association for Internet Data Analysis (CAIDA) at the San Diego Supercomputer Center at UCSD and also a computer science PhD candidate at the University of California, San Diego.

His work with others on tracking denial-of-service attacks and Internet worm spread has appeared in Information Security Magazine, IEEE Security & Privacy Magazine and Scientific American and, of course, Slashdot. His presentations include invited talks at Usenix LISA, Usenix Security, NANOG (North American Operators Group), and others.