How to Own the Internet In Your Spare Time
xenofile writes "A chilling paper has recently been posted analyzing the various threats worms pose to the Internet, and the relative ease of exploiting say the 30,000,000 Kazaa hosts to completely cripple large portions of the net."
Lots of good stuff in this paper. It sorta combines many things you've probably read, and demonstrates how the net could be seriously taken by someone who wants it.
The net, like business or anything else in society, is based on trust.
With the speed the RIAA gets these sharing networks to hunker down, perhaps the problem will go away on its own...
On the other hand, perhaps pigs will fly, and a certain Redmond company will once and for all wise up and ensure their OSes don't, by default, make the world a happy place for worm writers..
Kind regards / Regards
John Hinge - shayera /
"Buffy I love you... Please God No!" S
To Appear in the Proceedings of the 11th USENIX Security Symposium (Security '02)
The ability of attackers to rapidly gain control of vast numbers of Internet hosts poses an immense risk to the overall security of the Internet. Once subverted, these hosts can not only be used to launch massive denial of service floods, but also to steal or corrupt great quantities of sensitive information, and confuse and disrupt use of the network in more subtle ways.
We present an analysis of the magnitude of the threat. We begin with a mathematical model derived from empirical data of the spread of Code Red I in July, 2001. We discuss techniques subsequently employed for achieving greater virulence by Code Red II and Nimda. In this context, we develop and evaluate several new, highly virulent possible techniques: hit-list scanning (which creates a Warhol worm), permutation scanning (which enables self-coordinating scanning), and use of Internet-sized hit-lists (which creates a flash worm).
We then turn to the threat of surreptitious worms that spread more slowly but in a much harder to detect "contagion" fashion. We demonstrate that such a worm today could arguably subvert upwards of 10,000,000 Internet hosts. We also consider robust mechanisms by which attackers can control and update deployed worms.
In conclusion, we argue for the pressing need to develop a "Center for Disease Control" analog for virus- and worm-based threats to national cybersecurity, and sketch some of the components that would go into such a Center.
Also in PDF optimized for reading online, PDF optimized for printing
Wow, this paper really breaks new ground. Let's see:
If you can control a million hosts on the Internet, you can do enormous damage.
[..] you can access any sensitive information present on any of those million machines [..]
But for those who are truly thick and can't get the point:
In short, if you could control a million Internet hosts, the potential damage is truly immense [..]
It's good to see they're really targeting the 'brains' of the nation with these statements.
Luckily, things get a little more scientific as we move into the next section, but they actually say they're 'ignoring' certain important variables. Almost any mathematical theory works if you 'ignore' certain variables.
Perhaps papers like these should actually focus on the real reason that DOS attacks are so easy. Crappy code. Since when did Eudora or Pegasus start spreading viruses? It's all Outlook Express.
But what about system level DOS attacks, you say? Firewalls were invented to solve these problems. Of course, firewalls were only invented because the original net code in Linux/Windows/etc hadn't anticipated DOS attacks, and couldn't fend them off themselves. I mean.. in 1994, who was flooding servers with 64kB ping packets?
It's time to rewrite the netcode. DOS attacks aren't really any different to memory leaks in programs. They can be controlled and confined and cleaned up, if the code is good. How often do you get a 'Protection Error' in Linux these days? Hardly ever. It's time to apply all of the safeguards we use in regular programming to net code too!
And if you're scared of reinventing the wheel and writing new net code from scratch, then you have only yourself to blame.
mogorific carpentry experiments
Want to be a Supervillain?
Don't have the body to fit in a costume?
Too out of shape to battle Superheroes all over Champion City?
Think being a Supervillain is out of your reach?
Not anymore! Just like millions of other Americans, the Internet has changed lives. Let it do the same...for YOU! With the "Rule the Internet like an Evil Overlord" plan, you can learn how to take advantage of this exciting new medium to spread chaos and terror among people the world around! Now you can work to inspire fear from the comfort of your own home!
It's illegal to distribute viruses. People can go to jail for spreading them. So, why worry. We're safe.
DNA is the ultimate spaghetti code.
Very nice paper from Paxson.
One angle he neglects to mention is that the worm could only be the first wave of attack. The machines rapidly infected by a flash virus could easily be transformed into a massively parallel computing platform, into which a secondary attack program could be distributed in a matter of seconds. Such programs could then be used, for instance, to crack entry into strategically important machines that do not exhibit vulnerabilities directly exploitable by the first stage virus.
Scary. I've been wondering why someone hasn't done it yet.
"I have opinions of my own, strong opinions, but I don't always agree with them." -- George H. W. Bush
The really scary thing is that somebody may try this. If your objective is just to cause disruption and panic, why go through all of the trouble of sneaking past the INS, paying for flight school, buying expensive GPS receivers and losing 19 believers in your cause? Why not just hire some 31337 geeks, preferably young teenagers who want to show off their skillz without caring about what happens, to shut down the e-mail and telephone systems in your favorite target country. You can be at home drinking a Mai Tai instead of getting your hands dirty.
Are we scared now? We should be.
So, would owning the net mean that my ISP would be obliged to give me some sort of discount on what I'm paying them every month?
Odd... They don't mention Pitr Cola once in the whole paper. Are they overlooking the obvious?
It's called the normal distribution. The worst programmers can't write networking code at all. Normal programmers write crappy code and the best coders get all frothy about all the crappy code out there.
Sad but true. Quality takes time, money, and good people. All scarce resources.
If I shoot a person and she dies, should people sue God because of his buggy code? If the terrorists hit a plane in a building and the building collapses, should I sue the architects? If some cracker uses a Trojan on my OS, should I blame my OS?
You miss the point. If the Internet gets congested with traffic, you will suffer too. Take, for example, the latency spike that occurred last monday around 2:00pm EST as the worm that attacked M$ SQL servers started doing its thing.
Until the majority starts using linux and virus creators focus on linux instead of MS. ;)
And don't gimme that crap on how Linux is invulnerable to virus/worm attacks... It's just more interesting for virus writers to focus on MS, as its products have the biggest share on the desktop market. "It's a bigger kick"
"The majority is always sane, Louis." -- Nessus
http://slashdot.jp
I'd rather be using right now a somewhat insecure Windows XP instead of an extremely secure Windows 3.1.
Look at Israel, due to the environment they live in, they most probably have the best security yet they're unable to stop many of the terrorist attacks.
Which reminds me, I noticed a few days ago that some guy is using my email address to send viruses via Sendmail's SMTP. I don't think he's even using a password. I notified my hosting company. But according to you, I should be suing Sendmail?
Vintage computer games and RPG books available. Email me if you're interested.
99% of Slashdot readers would be fighting MS execs to be the lead frothers and bitching because MS doesn't know how to froth properly.
...
There would be an RFC about proper frothing etiquette, and another about frothing efficiently.
30 minutes after the riot started, there'd be at least four schisms within the Slashdot frothing community, each claiming that their froth was better than all the others.
Somebody would start %. so that other frothers could get in the action.
MS would find that the one thing no one really wants is a frother, so they would refuse to embrace and extend frothers.
Frothdotters would get really upset about that and froth even more.
Yadda yadda yadda
To celebrate the occasion of my 1000th post, I will post no more forever on Slashdot. Goodbye.
Why does this remind me of something that I would see as a scheme on Pinky and the Brain?
Pinky. Are you pondering what I'm pondering?
I think so Brain, but if we take over the net, how will the big boats catch any fish?
*bonk*
Not that kind of net, Pinky. The Internet: A global network of millions of computers; a network where music and pr0n are yours for the taking; a network where powerful tools like email and hypertext are used to promote penis enlargement, pyramid schemes, and cheap drugs from the third world; a network where millions are left totally vulnerable by software given to them freely by the richest company in the world.
Ooooo, sounds nice, Brain. But Brain?
Yes, Pinky?
If you take it over, who's gonna share their pr0n with you?
Some people have a way with words, and some people, um, thingy.
Like magic, the whole internet becomes more secure.
It's because of thinking like this that the Internet is inherently insecure.
Installing Linux causes Microsoft worms? ???
There are no magic bullets, but Linux and more so the BSDs have the attitude that the user should be in control and know what is going on. Maybe not secure yet, but enough is being done with jails and sandboxes and such that before long I should be able to run unpatched exploitable code with impunity. The only significant difference between the current Microsoft wormage and the UNIX Honor Virus is the user's awareness of just what is going on.
It's just more interesting for virus writers to focus on MS, as its products have the biggest share on the desktop market.
More important, it's so much easier to find holes in Microsoft.
No, that would be a DDOS, ala the /. effect.
This, if anything, shows the need for (as stated in the paper) a central system for recovery and research of what was described. The obvious double-edged sword of this document, and documents similar, in my opinion shows the need for a headstrong security movement. I, like many Linux users, am constantly amused and entertained by the 'average' individual's lack of know-how in this field; however, I am not amused or entertained at their ignorance of security in general. It would seem that part of the blame could be the software companies' lack of forwarding information to the customer on the issue, and part of the blame is in the customers' own hands. I am not pointing fingers or blame, just simply saying they are not educated enough to control the security of their own system(s). In my opinion, this is dangerous and there should be much more education given to the hands of the end user. Obviously an 80-year-old woman with a background in knitting is not going to be able to secure her home PC, so I am not speaking of extreme change. However, I am speaking of individuals who move from mom-and-pop stores to e-commerce means. So often I see individuals start an e-commerce site and then are startled why their site was owned when they are using outdated forum software, cart software, or other software, and a password that consists of 'changeme'. Maybe a dumbed-down security manual referred to by e-commerce providers would do the trick, maybe not. I don't know, I'm not a security executive, so I don't have the solution (...yet, lol). But just something, anything, to show the end user some basic means of boosting security and authentication may be enough to get the ball rolling. - Ross Smith
Well, I disagree. It IS the user's fault they clicked on okay. It is the user who is in control of the machine, and the user who is responsible for what they do. When you click on something, you are allowing something to happen.
Yes, some worms spread automatically, without user intervention, via holes in OE. I daresay these same holes could have been exploited by a slightly modified worm for Eudora. Eudora uses the MS viewer by default.. exactly the same thing OE uses.
The number of worms that spread because morons click on an attachment to open it even though they have been told DIRECTLY, a HALF DOZEN TIMES, NOT TO OPEN ATTACHMENTS IF YOU DON'T KNOW WHAT THEY ARE is staggering. This, by far, is where the vast majority of worms come from.
Now.. I don't want to believe all these people are that stupid.. it's just a fundamental lack of understanding about how a computer works.
Perhaps papers like these should actually focus on the real reason that DOS attacks are so easy. Crappy code. Since when did Eudora or Pegasus start spreading viruses? It's all Outlook Express.
----
They should just rename VB Support HIV, same effect on a computer immune system.
Oh come on now, I think the benefits of being able to embed an Active X control in an email message and have it automatically run when the recipient views it MORE than outweigh the negative consequences... How else would we be able to send cutesy little Flash animated greeting cards to everyone we know??
> In essence it really isn't the bad or buggy OS you run or how good your damn anti-virus software is. It all comes down to
> the end-user: if someone is stupid enough to open "myNakedWife.bmp.exe" they kinda deserve being bitraped by a damn
> virus or a worm.
And will you still think this if it happens to you or someone you care about?
Something like this happened to my wife: she received an email with an image attachment with a return address from someone she knew. She tried to open the attachment, found nothing there, thought it was odd.
Her acquaintance was online later, & several people asked her about this email. "What email?" At that point my wife called on me.
(Note: yes my wife runs Win98. That's because she's an accountant & uses a lot of software that runs on Windows.)
We downloaded a virus checker, & I sweated while I waited for it to do its thing: I knew just how easily her system could get corrupted by a virus, & that we'd have to wipe & reinstall her system -- & spend hours reconfiguring it. Fortunately I insisted on her using Eudora as her mail client for this very reason, & the virus she had received was inert.
In short, the viruses are getting ever craftier, & even knowledgeable Windows users are getting bit. Unless you're willing to argue that anyone using Microsoft software deserves this result for selecting inferior software, you can't dump the entire responsibility onto the end users.
Geoff
I think I see a trend here. Maybe for them it really would be easier to muzzle the entire internet than to produce p
We had better keep this little tidbit under wraps, methinks Pitr from http://www.userfriendly.org may use it to his diabolic desires.
It's bad enough he took over both the Pepsi and Coca Cola corporations.
Pitr Cola, it just feels right.
"You should always go to other people's funerals; otherwise, they won't come to yours." -- Yogi Berra
Keep in mind that not everyone leaves Kazaa connected all the time and many folks don't share anything out. The number is quite probably much higher than 5800.
This message brought to you by the Council of People Who Are Sick of Seeing More People.
The simple flood always works
Not always. There are systems that implement a process that I call 'dynamic firewalling' (if someone knows the real name, let me know!).. which means if they receive too many packets (or irrelevant packets) in a certain amount of time, they block that host for a while.
'But(!)', you say, 'that doesn't mean the data isn't still coming down your pipe and sucking up your downstream bandwidth!' This is true, but I have seen routers that also implement similar systems.. so if all routers had dynamic firewalling, packets would be blocked right back from the source router, meaning the Internet, as a whole, does not suffer from an attempted attack.
So what would happen if someone managed to maintain a DDOS attack from say 10 million compromised systems against the root name servers? Would all the caches eventually go bad and get wiped, so nobody could connect to any hosts and the net was dead? Or would the cached data stick around, so that people could still connect to existing systems, but updates would no longer propagate? Or something else? Thanks!
He already owns the internet. He carries it around on a floppy disk in his back pocket.
He had an IT guy download it last week for him.
(it's a joke, laugh)
You are neglecting the spin that will be applied by governments and corporations. And the "lobbying" efforts that will ensure that the form of the prescribed remedies is of benefit to the "appropriate parties".
The corner cop may be my friend, as the sheep dog is to the sheep, but the U.S. government has been acting more similar to a meat packing plant.
I think we've pushed this "anyone can grow up to be president" thing too far.
The obvious solution:
Many sysadmins understand that they need to put their servers behind a firewall, protecting the servers from malicious inbound traffic from the internet. Now is the time to educate these sysadmins that they need to configure the firewalls to also block outbound access from the servers to the internet.
For instance, a web server doesn't need outbound access to the internet at all; you are not going to use the server to browse the internet, so please block all outbound traffic from the web server. If this server gets infected by a new worm, the worm can't spread to other hosts through HTTP. Simple.
I have read a lot about firewalls lately; most focus on securing the inbound traffic, a few talk about egress filtering to stop address spoofing, but none write about blocking outbound access from the servers, to stop worms from spreading from your server.
RFC1925
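The two defensive ideas raised in this thread, blocking outbound connections from a server that has no business making them (the comment above) and temporarily dropping any source that floods a host (the 'dynamic firewalling' comment earlier), can both be expressed as an iptables ruleset. The script below is an added example, not code from the thread or from the paper: it generates an iptables-restore file for a single-purpose web server. The resolver address, hit count and block window are placeholders supplied by the caller; nothing is applied unless the output is fed to iptables-restore.

```shell
#!/bin/sh
# Added example (not from the thread or the paper): build an iptables-restore
# ruleset for a single-purpose web server that
#   1. drops every outbound connection the server does not need, so a worm
#      that lands on the box cannot spread out over HTTP and its attempts
#      are logged; and
#   2. temporarily drops any source that opens too many connections in a
#      short window, using the iptables 'recent' match.
# Assumptions: the resolver address, hit count and window are placeholders
# chosen by the caller; loading the output replaces the current filter table.

gen_webserver_rules() {
    resolver="$1"          # the one DNS resolver the server may talk to
    hits="${2:-10}"        # new connections per source before it is blocked
    window="${3:-30}"      # seconds since the last hit that the block lasts
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:FLOOD - [0:0]
# loopback is always fine
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# packets belonging to connections that were already allowed
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# dynamic blocking: record each new connection to the web ports per source;
# a source with $hits or more of them within $window seconds goes to FLOOD,
# and --update keeps extending the block while the flood continues
-A INPUT -p tcp --syn -m multiport --dports 80,443 -m recent --name flood --set
-A INPUT -p tcp --syn -m multiport --dports 80,443 -m recent --name flood --update --seconds $window --hitcount $hits -j FLOOD
-A FLOOD -m limit --limit 5/min -j LOG --log-prefix "FLOOD-BLOCK "
-A FLOOD -j DROP
# the service itself
-A INPUT -p tcp --syn -m multiport --dports 80,443 -j ACCEPT
# egress: only DNS lookups to the named resolver; every other outbound
# connection is logged (rate limited) and then hits the OUTPUT DROP policy,
# so a worm trying to reach other hosts shows up in the log instead of spreading
-A OUTPUT -p udp -d $resolver --dport 53 -j ACCEPT
-A OUTPUT -p tcp -d $resolver --dport 53 -j ACCEPT
-A OUTPUT -m limit --limit 5/min -j LOG --log-prefix "EGRESS-DROP "
COMMIT
EOF
}

# Print the ruleset when run with arguments, e.g.
#   sh egress.sh 192.0.2.53 10 30 | iptables-restore --test
# (192.0.2.53 is a documentation address standing in for your resolver).
if [ "$#" -gt 0 ]; then
    gen_webserver_rules "$@"
fi
```

Two caveats a practitioner will hit: a server that pulls its own updates needs an explicit outbound allow for the package mirror (and nothing else), and the 'recent' match counts per source address, so clients behind one NAT share a counter and the hit count should be set with that in mind. The `--limit` on the LOG rules keeps a flood from turning the log itself into a second denial of service.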
Yes, it's possible to cause massive disruption. It has been for a long, long time.
I recall the FBI stating that it was not some ddos attack that scared them, but the fact that so many young kids controlled so many computers and DIDN'T do anything with it.
So we ask ourselves, what if this were in the hands of someone who actively wanted to exploit it?
Who are we kidding? Most of the kids that control tons of computers for their ddos attacks for taking over irc servers are not geniuses. If someone had a reason to take over many, many computers and use them for financial gain, they would do it. Plain and simple.
The fact is, owning tons of bandwidth and cycles for a brief amount of time (because that's all you are going to get) is not all that useful long term. How are you going to cash in on it?
Why further the problem.
Check out this link to begin learning about denial-of-service attacks. Here's another if your appetite for self-education has been whet.
No thanks. Watching you get pissed off over something that doesn't even matter is entertainment enough! :-)
actually coming up with a real and working solution is pretty hard and *way* beyond what you seem capable of.
Actually it's beyond what the best programming brains in the world have been able to come up with too.. so I don't think I'm doing so bad.
I think we are reinventing the wheel. Windows was based not only on the idea that a computer should be usable by Joe and Jane but also on the premise that it should be administered by those Joes and Janes.
I think that was a wrong choice. To make the choice worse, they decided that it should allow you to do everything easily (no learning needed) and if something was a bit complicated, then it should be stripped off.
The day they realize things should be "owned" and "permissioned" we'd be ok. I don't fear executing whatever in my Linux, as long as I use a non-important account to execute it (you also need to have all the permissions right or...).
Everyone should be able to use computers, administering is another thing. They can provide a default install that is ok and secure. Of course, there will be some things Joe will not be able to do. And that's a good thing (he can learn a bit if he really wants to change them).
unfinished: (adj.)