D. Moore. The Spread of the Code-Red Worm (CRv2), 2001. http://www.caida.org/analysis/security/codered /coderedv2 analysis.xml.
....attack, the scanner, relevant performance data, and associated issues. 4.1 Detecting IP based propagation A highly visible network attack in 2001 was the Code Red worm (and its follow ons) that propagated rapidly once started, hitting most susceptible machines in the Internet in less than a day [26]. What the scanner looks for: The Code Red worm and follow ons spread exponentially by having each compromised machine target random 32 bit IP addresses. This propagation approach is highly effective because the IP address space is densely populated and relatively small. But, it exhibits an ....
....for one of the SYN packets every six seconds. This allows such connections to make progress, somewhat balancing the potential for false positives with the desire for containment. If all susceptible hosts were watched and contained in this way, the 14 hour propagation time of Code Red (version 2) [26] would have grown to over a month (assuming the original scan rate was 10 per second per infected machine [35]). Although we see none in our networks, DNS traffic can be passed on TCP port 53 as well. Our current scanner will not see this, but could easily be extended to do so. 12 Performance ....
D. Moore. The Spread of the Code-Red Worm (CRv2), 2001. http://www.caida.org/analysis/security/code-red/coderedv2 analysis.xml.
....prevent such spoofing easily, even if the host OS has been compromised. Random, exponential spread (Code Red) A highly visible network attack in 2001 was the Code Red worm (and follow ons) that propagated rapidly once started, hitting most susceptible machines in the Internet in less than a day [27]. Specifically, these worms spread exponentially by having each compromised machine target random 32 bit IP addresses. Extensions to this basic algorithm, such as hitlist scanning and local subnet scanning, can reduce the propagation time to less than an hour [41]. Looking deeply at the network ....
....six seconds. This allows such connections to make progress, somewhat balancing the potential for false positives with the desire for containment. If all susceptible hosts were equipped with self securing NIs, this policy would have increased the 14 hour propagation time of Code Red (version 2) [27] to over a month (assuming the original scan rate was 10 second per infected machine [41]). Two extensions to the current scanner are under consideration. First, the scanner can log the exchanges of random connections via the alert interface, allowing an administrator to study them at her ....
D. Moore. The Spread of the Code-Red Worm (CRv2), 2001. http://www.caida.org/analysis/security/code-red/coderedv2 analysis.xml.
....broadly we consider any attempt to undermine a Web site to be a denial of service attack. Examples of attacks include TCP SYN flooding [1] HTTP request flooding including an attack to crack down password protected web pages, or attempting to crash a Web server such as the recent Code Red attack [23]. The key semantic difference between an FE and DoS is that the former represents legitimate access of the Web site while the latter does not. However, this does not help in distinguishing between the two automatically. One needs to develop behavioral differences between the two phenomena after ....
D. Moore. The Spread of the Code-Red Worm (CRv2). http://www.caida.org/analysis/security/code-red/coderedv2_analysis.xml, Aug. 2001.
....consider any attempt to undermine a Web site to be a denial of service attack. Examples of attacks include TCP SYN flooding [1] HTTP request flooding including an attack to crack down password protected web pages, or attempting to crash a Web server such as the recent Code Red attack [23]. The key semantic difference between an FE and DoS is that the former represents legitimate access of the Web site while the latter does not. However, this does not help in distinguishing between the two automatically. One needs to develop behavioral differences between the two phenomena after ....
D. Moore. The Spread of the Code-Red Worm (CRv2). http://www.caida.org/analysis/security/code-red/coderedv2analysis.xml, Aug. 2001.
No context found.
D. Moore. The Spread of the Code-Red Worm (CRv2), 2001. http://www.caida.org/analysis/security/codered /coderedv2 analysis.xml.
No context found.
David Moore. The spread of the code-red worm (crv2), Checked on the 30/08/2002. At http://www.caida.org/analysis/ security/codered /coderedv2-analysis.xml.
No context found.
D. Moore and C. Shannon. The spread of the code-red worm (CRv2). Technical for Internet Data Analysis, 2002. http://www.caida.org/analysis/security/codered /coderedv2 analysis.xml.