Slashdot Mirror


User: coulls

coulls's activity in the archive.

Stories: 0
Comments: 7

Comments · 7

  1. Re:Unbelievable... on Internet Immunization · · Score: 1

    The one in particular that comes to mind is this one from Usenix '05. https://www.usenix.org/events/sec05/tech/bethencourt/bethencourt.pdf

    Pretty much gives a technique for mapping out the location of these network telescopes or honeynets, which can later be used for avoidance.

  2. Unbelievable... on Internet Immunization · · Score: 1

    Had these people followed proper research techniques they would have found a number of issues with their project. First, it has been shown in peer-reviewed publications that it is more than easy to detect and avoid so-called Internet telescopes or honeynets. Second, the entire vulnerable population of the Code Red worm, arguably the worm with the largest vulnerable population, was only about .034% of the Internet address space. So they are proposing to have as many machines implement this as there are vulnerable machines - that is a pretty tall order. Third, people have worked on automatic patch generation techniques for worms before. The problem isn't designing a system that outpaces worms and contains them, the problem is making a system that is resilient to false positives, useful even under partial deployment conditions, and can protect more hosts than just those available on the local network.

  3. Obligatory French Military Link... on French Response to Google is Microsoft · · Score: 1

    For those who don't know about this:
    http://www.albinoblacksheep.com/text/france.html

    Interesting little timeline showing major battles in French history (note the lack of victories).

  4. What the Internet Doesn't Need: Central Govn't on Former CIA Head Calls for Limiting Access to the Internet · · Score: 1

    I try not to post too much on Slashdot because there are typically enough people of the same opinion as me that I would just be repeating the same arguments and comments, but this article has really riled me up.

    I am a doctoral student in computer science, and my main research focus is network security. As anyone with half a brain could tell you, the 'problem' with the Internet is that the majority of its underlying protocols, the things that make it 'just work', were developed when just about all users of the Internet were academics. I can say with some certainty that the originators had no ambitions of the Internet as the commercial behemoth that it has since become. All of these underlying protocols were developed with a level of implicit trust. One AS implicitly trusts that another AS will provide legitimate BGP updates and will be properly configured - it's pretty obvious today that is a poor assumption.

    In response to this, researchers have thus far taken an approach of creating new protocols, higher in the OSI stack, that correct some of these issues, but in general these corrections are left to academia and are rarely picked up by industry. Perfect examples of this are the many solutions to various BGP security holes and misconfiguration problems. Not to mention stack guarding technologies, overlay networks, and worm containment (this one is near and dear to my research - see my blurb below).

    One of the beauties of the Internet as it stands today is its decentralized nature. It is a global entity without borders and without centralized control. Once that decentralized standing is lost, it no longer becomes a global entity, it becomes a political tool, susceptible to the same influences as government contracting or elections or lobbying or what have you. I, for one, choose to have an Internet where I don't have to have some specially approved operating system to communicate and interact.

    We live in a peer-to-peer society. There is no central entity regulating our communications with each other in person, and I don't see why it shouldn't be the same on the Internet.

    Anyway, that was enough of a rant for the next month or so.

    P.S. I have some interesting research on ways to stop various types of wide-spread malicious activity (read: spam, worms, and viruses [oh my]) on Internet-scale networks. If you are interested, feel free to send me a message or reply to this one.

  5. Re:Ahem... on Genome Methods Applied to Reverse-Engineering · · Score: 1

    Er... masquerade detection, not detective. Stupid tablet pc.

  6. Ahem... on Genome Methods Applied to Reverse-Engineering · · Score: 1

    So... I did this with intrusion detection (masquerade detective actually) about a year and a half ago. Just FYI ...

    http://www.acsac.org/2003/beststud.html

  7. Re:I think this is totally the future on On the Possible Handtop Paradigm Shift · · Score: 1

    I believe they call it 'bluetooth'.