Routing worm: A fast, selective attack worm based on IP address information

Routing worm: A fast, selective attack worm based on IP address information (2003)

Cached

Download Links

Other Repositories/Bibliography

DBLP

by Cliff C. Zou , Don Towsley , Weibo Gong , Songlin Cai

Citations:

31 - 4 self

BibTeX

@TECHREPORT{Zou03routingworm:,
    author = {Cliff C. Zou and Don Towsley and Weibo Gong and Songlin Cai},
    title = {Routing worm: A fast, selective attack worm based on IP address information},
    institution = {},
    year = {2003}
}

Years of Citing Articles

Bookmark

OpenURL

Abstract

Most well-known Internet worms, such as Code Red, Slammer, and Blaster, infected vulnerable computers by scanning the entire Internet IPv4 space. In this paper, we present a new scan-based worm called “routing worm”, which can use information provided by BGP routing tables to reduce its scanning space without ignoring any potential vulnerable computer. In this way, a routing worm can propagate twice to more than three times faster than a traditional worm. In addition, the geographic information of allocated IP addresses, especially BGP routing prefixes, enables a routing worm to conduct fine-grained selective attacks: hackers or terrorists can selectively impose heavy damage to vulnerable computers in a specific country, an Internet Service Provider, or an Autonomous System, without much collateral damage done to others. Routing worms can be easily implemented by attackers and they could cause considerable damage to our Internet. Since routing worms are scan-based worms, we believe that an effective way to defend against them and all other scan-based worms is to upgrade IPv4 to IPv6 — the vast address space of IPv6 ( 2 64 IP addresses for a single subnetwork) can prevent a worm from spreading through scanning. I.

Citations

425	How to own the internet in your spare time - Staniford, Paxson, et al. - 2002
222	Code-Red: a case study on the spread and victims of an internet worm - Moore, Shannon, et al. - 2002
180	Code Red Worm Propagation Modeling and Analysis - Zou, Gong, et al. - 2002
169	An Investigation of Geographic Mapping Techniques for Internet Hosts - Padmanabhan, Subramanian - 2001
131	Monitoring and early warning for internet worms - Zou, Gao, et al. - 2003
125	Very fast containment of scanning worms - Weaver, Staniford, et al.
123	Modeling the spread of active worms - Chen, Gao, et al. - 2003
122	A taxonomy of computer worms - Weaver, Paxson, et al. - 2003
83	Directed-graph epidemiological models of computer viruses - Kephart, White - 1999
76	2001): Epidemic Modelling: An Introduction - Daley, Gani
62	Measuring and modeling computer virus prevalence - Kephart, White - 1993
60	Fast Detection of Scanning Worm Infections - Schechter, Jung, et al.
60	An Effective Architecture and Algorithm for Detecting Worms with Various Scan Techniques." http://www-unix.ecs.umass.edu/~lgao/ndss04.pdf - Wu, Gao
56	Directed-graph epidemiological models of computer viruses - White - 1991
56	Containment of scanning worms in enterprise networks - Staniford
53	A Tour of the Worm - Seeley
40	Computers and epidemiology - Kephart, Chess, et al. - 1993
40	Internet Protocol Version 6 (IPv6) Addressing Architecture", RFC 3513 - Hinden, Deering - 2003
30	Warhol Worms: The Potential for Very Fast Internet Plagues - Weaver - 2002
28	On the performance of internet worm scanning strategies - Zou, Towsley, et al. - 2003
27	Where in the World is netgeo.caida.org - Moore, Periakaruppan, et al. - 2000
24	The spread of the witty worm, http://www.caida.org/analysis/security/witty - Shannon, Moore - 2004
16	Coupled Kermack-McKendrick models for randomly scanning and bandwidth-saturating internet worms - Kesidis, Hamadeh, et al. - 2005
14	to own the Internet in your spare time - How - 2002
12	Dynamic graphs of the Nimda worm,” http://www.caida.org/dynamic/analysis/security/ nimda - CAIDA
11	kc claffy, “Where in the world is netgeo.caida.org - Moore, Periakaruppan, et al. - 2000
9	RFC 2373: IP version 6 addressing architecture - Hinden, Deering - 1998
8	R.: RFC 3041 - Privacy Extensions for Stateless Address Autoconfiguration in IPv6 - Narten, Draves - 2001
7	IPv6 global unicast address format - Hinden, Deering, et al. - 2003
5	The evolving virus threat - Nachenberg - 2000
5	How to find a host’s geographic location - Raz
4	BGP-system usage of 32 bit Internet address space - Braun - 1997
4	Today News. The cost of Code Red: $1.2 billion - USA
3	Visualizing Internet topology at a macroscopic scale,” http://www.caida.org/analysis/topology/as_core_network - CAIDA
3	Computer worm grounds flights, blocks ATMs - News
2	v4 Address Space Utilization - IP - 1998
2	Map project - World - 1979
2	IPv4 address space utilization - CAIDA - 1998
2	IPv4 BGP geopolitical analysis - CAIDA - 2003
2	Models of internet worm defense. IMA Workshop 4: Measurement, Modeling and Analysis of the Internet - Nicol - 2004
1	Hemminger et al. IPv6: An Internet Evolution. http://www.ipv6forum.org/navbar/papers/IPv6-an-Internet-Evolution.pdf - Chown, Doyle, et al.
1	Border Gateway Protocol (BGP). http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito doc/bgp.htm - Documents
1	Routing information service R.I.S. design note. http://www.ripe.net/projects/ris/Notes/ripe-200 - Antony, Uijterwaal - 1999
1	Reserved IPv4 addresses. http://www.cidr-report.org/v6/reserved-ipv4.html - IANA - 2004
1	world map project: IP address locator tool. http://www.geobytes.com/IpLocator.htm?GetLocation - Net
1	Security implications of IPv6 - Warfield - 2003