Wednesday, July 29, 2009

2.3 Worm Propagation

Worms already pose one of the biggest threats to the internet. Currently, worms
such as Code Red or Nimda are capable of infecting hundreds of thousands of
hosts within hours and no doubt that better engineered worms would be able
to infect to reach the same result in a matter of seconds. Worms propagating
through P2P applications would be disastrous: it is probably the most serious
threat.
There are several factors which make P2P networks attractive for worms [13]:
• P2P networks are composed by computers all running the same software.
An attacker can thus compromise the entire network by finding only one
exploitable security hole.
• P2P nodes tend to interconnect with many different nodes. Indeed a
worm running on the P2P application would no longer loose precious time
scanning for other victims. It would simply have to fetch the list of the
victim’s neighboring nodes and spread on.
• P2P applications are used to transfer large files. Some worms have to
limit their size in order to hold in one TCP packet. This problem would
not be encountered in P2P worms and they could thus implement more
complicated behaviors.
• The protocols are generally not viewed as mainstream and hence receive
less attention from intrusion detection systems.
• P2P programs often run on personal computers rather than servers. It is
thus more likely for an attacker to have access to sensitive files such as
credit card numbers, passwords or address books.
• P2P users often transfer illegal content (copyrighted music, pornography
...) and may be less inclined to report an unusual behavior of the system.
• The final and probably most juicy quality P2P networks possess is their
potentially immense size.
Once worms finish propagating, their goal is usually to launch massive DDOS
attacks (W32/Generic.worm!P2P, W32.SillyP2P, ...) against political or commercial
targets (whitehouse.gov, microsoft.com, ...).

No comments:

Post a Comment

Hi thank you for comment in Assignment Lanka " Book Mark on me' To future references.

Tag

Assignment Lanka Tag Cloud
Computer Networks The History of Local Area Networks, LAN, The Topologies of a Networks, LANs describe different types of transmission Medias, Local Area Networks Access Methods, Carrier Sense Multiple Access with Collision Detect, Development of LAN Technologies. LAN -Token Ring, LAN Ethernet Digital, LAN - Ethernet Sun microsystems, LAN - Ethernet Mixed Environment, LAN - Token Ring was introduced by IBM LAN - IBM implementation of Token Ring, Token Ring Novell, LAN Token Ring - in a mixed environment, LAN - Fiber Distributed Data Interface, LAN - ATM, LAN Components, LAN Switching Methods, Virtual Local Area Network, Port based VLAN, Mac based VLAN, Protocol based VLAN, User Base VLAN, PC networks Components, PC networks Shared resources, PC Network operating systems, PC networks Novell Netware, PC networks Windows NT, PC networks IBM LAN Server Computer Programming Languages HTML Language, The Generations of Programming Languages, Different types of High Level Languages, Different types of High Level Languages Disadvantages
Computer Networks - IBM LAN Server, Windows NT Networks, Novell Netware, Network operating systems, Networks Shared, Networks Components, User Base, Protocol based, Mac based, Port based, VLAN, LAN Switching, LAN Components, ATM, Fiber Data, Token Ring, Token Ring Novell, IBM implementation, Ethernet, Sun microsystems, Ethernet Digital, Token passing, LAN Technologies, CSMA/CD, Access Methods, Transmission, Networks, The History of Local Area Networks, LAN