Slashdot Mirror


Worms Could Dodge Net Traps

Danse writes "ZDNet reports that future worms could evade a network of early-warning sensors hidden across the Internet unless countermeasures are taken. According to papers presented at the Usenix Security Symposium, just as surveillance cameras are sometimes hidden, the locations of the Internet sensors are kept secret. From the article: 'If the set of sensors is known, a malicious attacker could avoid the sensors entirely or could overwhelm the sensors with errant data.' A team of computer scientists from the University of Wisconsin wrote up the background in their award-winning paper titled 'Mapping Internet Sensors with Probe Response Attacks.'"


  1. DShield Discussion by tjohns · Score: 3, Informative
    A similar article by zdnet.co.uk was brought up a few days ago on the DShield discussion list. One choice quote is from Johannes Ullrich, a member of the SANS Internet Storm Center and the developer of DShield:

    We do receive reports from about 500-700k IP addresses each day.
    Including the full list would be hard (or make for a very large worm).
    In addition, many of these IPs are dynamic, so you have to exclude
    networks rather than individual IPs.

    To put it down bluntly: If every IP is a sensor, there is nobody left to
    attack ;-)


    For those of you who don't know, DShield is precisely one of the 'early-warning sensor' networks the article is talking about.