In the analysis of the potential future of Internet worms, the paper describes several problems with the design and implementation of current worms. These are necessary to assess a likely future for worm designs. The first limitation is in the worm’s capabilities. These limitations are found in all aspects of the worm’s behavior, including its attack and reconnaissance actions. For network-based intrusion detection, the signatures of the remote attacks can be quickly identified and associated with the spread of the worm. This reconnaissance traffic can also be associated with the worm, identifying the source nodes as compromised.
The second major problem with worms as they are currently found is in the growth rates associated with the worms. Because the worms have a finite set of known attacks they can use, they have a limited pool of potential targets. As the worm grows rapidly, it consumes this pool of victims, removing them from the list of available machines.
Read the rest of this entry »
Ramen worm which appeared in late 2000 to early 2001, and characterize this instance. Max Vision has written an excellent dissection of the Ramen worm, including the life cycle, which should also be studied. In mapping these components to a worm found in the wild, we can see how they come together to form a functional worm.
Ramen was a monolithic worm, which is to say that each instance of an infected host has the same files placed on it with the same capabilities. There exists some flexibility by using three different attack possibilities and by compiling the tools on both RedHat Linux versions 6.2 and 7.0, but each set of files (obtained as the tar package “ramen.tgz”) is carried with each instance of the worm.
Read the rest of this entry »
Often discussed but rarely investigated are the financial costs associated with the continual presence of worms on the Internet. Worms by their very nature continue to work long after their introduction. Similar to the scenario faced by populations battling diseases and plagues, worms can be almost impossible to eliminate until long after the targets are removed from the Internet. This continued activity consumes resources and causes an increase in operational costs.
Some quick “back of the envelope” calculations from Tim Mullen illustrate the scale of the problem.1 In their work on the persistence of Code Red and Nimda, Dug Song et al. counted approximately 5 million Nimda attempts each day.
Read the rest of this entry »
Until recently, network security was something that the average home user did not have to understand. Hackers were not interested in cruising for hosts on the dial-up modems of most private, home-based users. The biggest concern to the home user was a virus that threatened to wipe out all of their files (which were never backed up, of course).
Now the situation has changed. Broadband technologies have entered the common home, bringing the Internet at faster speeds with 24-hour connectivity. Operating systems and their application suites became network centric, taking advantage of the Internet as it grew in popularity in the late 1990s. And hackers decided to go for the number of machines compromised and not high-profile systems, such as popular Web sites or corporate systems.
Read the rest of this entry »
With the exception of companion viruses, viruses operate by changing files. An integrity checker exploits this behavior to find viruses, by watching for unauthorized changes to files.
Integrity checkers must start with a perfectly clean, 100% virus-free system, it is impossible to understate this. The integrity checker initially computes and stores a checksum for each file in the system it’s watching. Later, a file’s checksum is recomputed and compared against the original, stored checksum. If the checksums are different, then a change to the file occured.
Read the rest of this entry »
Managing your money or financial funds might not be easy, although you might have read it in the books or tv shows that you should schedule your expenditures and your income, but in the real world you might wonder how does you start those schedule.
There are easy solutions for that, if your problem is in scheduling or don’t know how to start it, then you could use personal finance software. The software itself are vary, some you could download it for free.
Read the rest of this entry »
Since computer technology were introduced, the other related supportive tools are also improving. One of it is Network, with network we could travel the world less then a second, there are no limit to far and no obstacle to hard.
Network itself rely on connection quality, which the first and still being used until now is cable. Cable itself also being used for common electric peripherals.
Read the rest of this entry »