CIS 442 - Chapter 3 Worms
Worms
• Biological and computer worms
• Definition, main characteristics
• Differences from viruses
• Bandwidth consumption and speed of propagation
• DoS attack
Code Red I
• History of first worm
• Vulnerability: IIS
• Payload or damage
• Nature of access
• Propagation
Speed of Propagation
• Challenge of accessing a large number of computers based on their IP addresses
• Searching all computers for those that have the exposed vulnerability
Code Red II
• Differences or enhancements in comparison with Code Red I: vulnerability, payload, etc.
• Nimda as an extension to Code Red II
Worming techniques
• How do worms search for vulnerabilities?
• How do worms find computers that have exposed vulnerabilities?
• SYN packets
• Hit list scanning
• Methods to prepare initial candidate lists of IP addresses to scan
Permutation scanning
• Permutation: writing a program to scan all possible combinations
• Use many computers to optimize scanning and reduce the time to complete scanning the entire IP address table
• Topological scanning
• Flash worms
• Contagion
Peer-to-Peer networks
• P2P system architecture characteristics
• Relation with worms
• Applications and websites using P2P
• Reasons why P2P networks are good for spreading worms
Worms communications
• Passive and active worms
• Proposing a CCDC: Internet emergency center
• Reasons to have CCDC
• Identifying outbreaks
CCDC: Analyzing new worms
• How do experts discover worms?
• How do they find ways to counterattack them?
• Time challenge: find worms quickly before they spread, and find ways to treat them
• Anticipating new threats
• Public involvement
Internet worm
• Worm guessing passwords
• Methods for selecting good passwords, and bad password selections
• iPhone worms