... This blog has no purpose ...
Tue, 14 Jun 2005
Just read: The Effect of DNS Delays on Worm Propagation in an IPv6 Internet
Notes:
I found this paper linked from the Worm Blog. Memorable quote from the abstract:
Although they focus on low-level address-scanning worms, they do point out that email worms operate completely independently of the Internet address scheme. They describe models of hypothetical worms which would use pipelined random DNS name lookups and conclude that they could run almost as fast as raw IPv4 address scanning worms (so the worm would constantly guess names like www.somedomain.com). They suggest employing traffic monitoring software near DNS servers to spot dodgy activity.

I was wondering if we could usefully restrict access to the name system to slow down these attacks? Perhaps everyone has to authorise lookups via a smartcard/PDA and/or is rate-limited as well? It's a tricky one since obviously there is a tension between making good communication easy while making bad communication difficult...

It does beg the question of why so many computers have names as well as addresses. Since I never want to log into my laptop remotely, it doesn't need a name. However a lot of current applications seem to prefer all IP addresses to have associated names (to help prevent address spoofing?) and suffer large name lookup delays when they don't (like ssh - I had to add an entry to DNS for a laptop yesterday just because of that).
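
One way the monitoring near a DNS server mentioned above could look, as an added example that is not from the paper or the original post: a per-client sliding window that flags many distinct, mostly failing lookups. The log format, thresholds, client addresses and names are all constructed assumptions.

```python
from collections import defaultdict, deque

# Assumed thresholds for illustration; tune against real resolver traffic.
WINDOW_S = 10          # sliding window in seconds
MAX_NAMES = 20         # distinct names one client may look up per window
MIN_FAIL_RATIO = 0.8   # share of NXDOMAIN answers that suggests guessing

def flag_clients(lines):
    """Flag clients whose lookups look like pipelined name guessing.

    Constructed log format: '<epoch-seconds> <client> <qname> <rcode>'.
    Returns {client: reason} for the first window that trips both limits.
    """
    recent = defaultdict(deque)   # client -> (ts, qname, rcode) inside window
    flagged = {}
    for line in lines:
        ts, client, qname, rcode = line.split()
        ts, qname = float(ts), qname.lower().rstrip(".")
        window = recent[client]
        window.append((ts, qname, rcode))
        while ts - window[0][0] > WINDOW_S:      # expire old lookups
            window.popleft()
        # Distinct names, so a client retrying one dead name is not flagged.
        names = {n for _, n, _ in window}
        fails = sum(1 for _, _, r in window if r == "NXDOMAIN")
        if len(names) > MAX_NAMES and fails / len(window) >= MIN_FAIL_RATIO:
            flagged.setdefault(client, f"{len(names)} distinct names, "
                               f"{fails}/{len(window)} NXDOMAIN in {WINDOW_S}s")
    return flagged

def sample_log():
    """Constructed traffic: one guessing client, one busy client, one typo."""
    lines = []
    for i in range(30):
        t = 1000 + i * 0.1
        rcode = "NOERROR" if i % 10 == 0 else "NXDOMAIN"
        lines.append(f"{t:.1f} 10.0.0.5 www.guess{i:03d}.com {rcode}")
        lines.append(f"{t:.1f} 10.0.0.9 host{i}.example.org NOERROR")
    lines.append("1003.0 10.0.0.7 www.exmaple.com NXDOMAIN")
    return lines

if __name__ == "__main__":
    for client, reason in flag_clients(sample_log()).items():
        print(client, reason)
```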