Worms Could Dodge Net Traps
Danse writes "ZDNet reports that future worms could evade a network of early-warning sensors hidden across the Internet unless countermeasures are taken. According to papers presented at the Usenix Security Symposium, just as surveillance cameras are sometimes hidden, the locations of the Internet sensors are kept secret. From the article: 'If the set of sensors is known, a malicious attacker could avoid the sensors entirely or could overwhelm the sensors with errant data.' A team of computer scientists from the University of Wisconsin wrote up the background in their award-winning paper titled 'Mapping Internet Sensors with Probe Response Attacks.'"
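To make the summary's point concrete, here is a small simulation of a probe-response mapping attack of the kind the paper's title refers to. It is an added example written for this page, not code from the paper, from ZDNet or from any real sensor network; the address space, the hidden sensor set, the use of a distinct destination port as the probe marker, and the report format (a public per-port hit count that never names a sensor) are all constructed assumptions. The attacker never learns anything but aggregate counts, yet recovers every sensor address and then sends traffic the network does not see.

```python
import random


class SensorNetwork:
    """Constructed stand-in for a distributed early-warning sensor network.

    Sensor addresses are secret. The only public output is an aggregate
    per-port hit count, modelled on the summary reports such networks
    publish; no report ever names a sensor address.
    """

    def __init__(self, address_space, sensors):
        self.address_space = address_space        # addresses 0 .. address_space-1
        self._sensors = frozenset(sensors)       # hidden from the attacker
        self._port_hits = {}

    def receive(self, dst, port):
        """A packet to address dst on port is counted only if dst is a sensor."""
        if dst in self._sensors:
            self._port_hits[port] = self._port_hits.get(port, 0) + 1

    def public_report(self, port):
        """Aggregate count for one port, as the published report would show it."""
        return self._port_hits.get(port, 0)


class ProbeResponseAttacker:
    """Maps the sensor set using only the public per-port counts.

    Each round probes one address range with a fresh marker port (the marker
    scheme is an assumption of this model) and reads back how many sensors
    the range contains; ranges with hits are then split recursively.
    """

    def __init__(self, net):
        self.net = net
        self.next_port = 10000
        self.probes_sent = 0
        self.report_rounds = 0

    def _probe_range(self, lo, hi):
        port = self.next_port
        self.next_port += 1
        for dst in range(lo, hi):
            self.net.receive(dst, port)
            self.probes_sent += 1
        self.report_rounds += 1
        return self.net.public_report(port)

    def map_sensors(self):
        found = set()
        pending = [(0, self.net.address_space)]
        while pending:
            lo, hi = pending.pop()
            hits = self._probe_range(lo, hi)
            if hits == 0:            # no sensor in this range: discard it
                continue
            if hits == hi - lo:      # every address in the range is a sensor
                found.update(range(lo, hi))
                continue
            mid = (lo + hi) // 2     # otherwise split and probe both halves
            pending.append((lo, mid))
            pending.append((mid, hi))
        return found


def evade(net, known_sensors, targets):
    """Send traffic to targets that are not known sensors; returns the count
    the network's report shows for that traffic (0 means it went unseen)."""
    port = 65000                     # outside the attacker's marker-port range
    for dst in targets:
        if dst not in known_sensors:
            net.receive(dst, port)
    return net.public_report(port)


def demo(address_space=4096, n_sensors=12, seed=7):
    """Run the mapping against a constructed network; deterministic via seed."""
    sensors = set(random.Random(seed).sample(range(address_space), n_sensors))
    net = SensorNetwork(address_space, sensors)
    attacker = ProbeResponseAttacker(net)
    found = attacker.map_sensors()
    unseen = evade(net, found, range(address_space))
    return {
        "sensors": sensors,
        "found": found,
        "probes": attacker.probes_sent,
        "rounds": attacker.report_rounds,
        "evasion_hits": unseen,
    }


if __name__ == "__main__":
    r = demo()
    print(f"mapped {len(r['found'])}/{len(r['sensors'])} sensors in "
          f"{r['rounds']} report rounds; evasion traffic seen by {r['evasion_hits']}")
```

The cost that matters to the attacker is the number of report rounds, not the number of packets: with k sensors in an address space of N the divide-and-conquer needs on the order of k log N reports, so the secrecy of the sensor set rests entirely on the report never reflecting the attacker's own marked traffic, which is the property the article's countermeasures would have to provide.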
Duh! Of course you can slowly figure out how a security system works, and then work around it. See any famous and/or talented thief for such an example. The real threat, I suppose, is that these worms can do it automatically and on a larger scale.
Solution: Don't open holes and then fill them with trip wires. Just fill up the hole (via patch or otherwise) in the first place.
-Ryan
AUWYHSTOT (Acronyms are Useless When You Have to Spell Them Out Too)
"Maintaining sensor anonymity is critical because if the set of sensors is known, a malicious attacker could avoid the sensors entirely or could overwhelm the sensors with errant data."
So basically: "Security through obscurity is bad" combined with "We found a way to eliminate the obscurity."
My Suburban burns less gasoline than your Prius.
We already have a form of White IC - simple detection, non-aggressive measures. How long before we have more active Grey IC - Tar Babies (similar to today's honeypots), Tar Pits, Blaster - and ultimately, Black IC - seeking out the source of the intrusion and in turn, destroying the origin of attack?
Would a big, multi-national corporation get punished for "accidentally" frying the computer of someone who was thought to be intruding into the corporation's computers? I seriously doubt it.
His name is Robert Paulsen...
Is it just me, or are we again speaking about security through obscurity (albeit I have to admit that it's in a slightly different way, this time)?
How long will it take for people involved in computer and network security to realize that "secret" has virtually no meaning in the field?
A private key is the only exception I can see at the moment: it is kept secret because nobody has any use for it except its owner, and no one will ever need access to it.
But how long will a "secret" early-warning network remain so... when its primary function is to be contacted by the worms that try to evade it?
--
Arkan
A biological virus adapts to its environment too, a worm too, so why would the digital variant not adapt? And since the main platform clearly suffers from an immune deficiency syndrome, just kept alive by its doctors and creators by means which are always too late to stop the newest infection but just in time to save most patients, it is pretty easy for the viruses to stay alive, and adapt to a point where the immune system will completely fail.
My wife's sketchblog Blob[p]: Gastrono-me