N. Weaver. Warhol worms: The potential for very fast Internet plagues. http://www.cs.berkeley.edu/#nweaver/warhol.html, 2001.  Home/Search   Document Not in Database   Summary   Related Articles   Check

.... that a systems administrator is responsible for and InternetHosts isthe number of hosts on the Internet) Not every host with a vulnerability will be attacked, although in the wake of real world events such as the spread of Code Red [6] and its variants, as well as work on Flash [26] and Warhol [28] worms, it seems that it may be fair to make that assumption. Thus we will consider both probabilities p fail and p breach as functions of time (t) and write them p fail (t) and p breach (t) Next, we want to to develop two cost functions: e patch (t) cost of patching at a given time t. ....

.... mda worms, which were so virulent that some Timing the Application of Security Patches for Optimal Uptime Beattie, et al. analysts conjectured that the security administrators of the Internet could not patch systems fast enough to stop them [20] Even more virulent worm systems have been devised [28, 26] so the problems of when to patch and can we patch fast enough are very real. The recent survey of rates of exploitation [4] was critical to our work. In seeking to optimize the tradeoffbetween urgent and cautious patching, it is important to understand both forms of pressure, and Browne, et ....

Weaver,Nicholas C., Warhol Worms: The Potential for Very Fast Internet Plagues,http://www. cs.berkeley.edu/nweaver/warhol.html, August 2001.

....approach of sending email warnings. Specifically, once a new virus is discovered, the administrator can update all selfsecuring NIs to identify propagation attempts to and from their hosts, prevent them, and identify machines already infected. Second, the recent Code Red worm [8] and follow ons [9, 41]) can be readily identified by the traffic pattern at a self securing NI. Specifically, these worms spread exponentially by the abnormal behavior of targeting large numbers of randomly chosen IP addresses with no corresponding DNS translations. Digging deeply into network traffic, as promoted ....

....in the Internet in less than a day [27] Specifically, these worms spread exponentially by having each compromised machine target random 32 bit IP addresses. Extensions to this basic algorithm, such as hitlist scanning and local subnet scanning, can reduce the propagation time to less than an hour [41]. Looking deeply at the network traffic, however, reveals an abnormal signature: contacting new IP addresses without first performing DNS translations. Although done occasionally, such behavior is uncommon, particularly when repeated rapidly. To detect this, a selfsecuring NI can shadow its one ....

[Article contains additional citation context not shown here]

N. Weaver. Warhol Worms: The Potential for Very Fast Internet Plagues, posted August 15, 2001. http://www.cs.berkeley.edu/nweaver/warhol.html.

No context found.

N. Weaver. Warhol worms: The potential for very fast Internet plagues. http://www.cs.berkeley.edu/#nweaver/warhol.html, 2001.

No context found.

N. C. Weaver. Warhol worms: The potential for very fast internet plagues, 15 Aug. 2001. http://www.cs. berkeley.edu/nweaver/warhol.html.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC