Worms Could Dodge Net traps
Danse writes "ZDNet reports that future worms could evade a network of early-warning sensors hidden across the Internet unless countermeasures are taken. According to papers presented at the Usenix Security Symposium, just as surveillance cameras are sometimes hidden, the locations of the Internet sensors are kept secret. From the article: 'If the set of sensors is known, a malicious attacker could avoid the sensors entirely or could overwhelm the sensors with errant data.' A team of computer scientists from the University of Wisconsin wrote up the background in their award-winning paper titled 'Mapping Internet Sensors with Probe Response Attacks.'"
Passive scanning? (Score:1, Informative)
That would essentially make the device invisible - all you'd then have to do is have your network of passive detectors inform you when odd traffic passes through.
Re:Passive scanning? (Score:3, Informative)
What the paper refers to is sites that publish information about network traffic they see. Some print tables with statistics and others generate graphs of network traffic levels. Their technique is basically a way to map where the passive listening points are based on the traffic reports these sites create. They strategically generate traffic which creates measurable spikes, and these show up in the reports. They use this information to determine where the listeners are.
DShield Discussion (Score:3, Informative)
For those of you who don't know, DShield [dshield.org] is precisely one of the 'early-warning sensor' networks the article is talking about.
Re:Quick Summary (Score:3, Informative)
Sorry, but I'm not seeing where the obscurity is eliminated. The entire article basically says "It's easy to make Internet Network Sensors not work by easily identifying them (can be done in a week) and then avoiding them." The only solution the article offers is:
The threat could be diminished, both studies said, if the information in the networks' public reports was less detailed.
Which to me is saying "If the network's public information was obscured a bit more, it'd work better." So they're saying obscurity through security would work better than the current system.
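Added example, not part of the thread, the article or the paper: a small Python model of the mitigation quoted above (less detailed public reports), comparing what an exact per-port report and a coarsened one reveal about a change in one sensor's traffic. The port numbers, counts, function names and the top-3 / 10,000-packet bucket settings are all constructed assumptions.

```python
# Constructed sample data: per-port packet counts one sensor network saw in
# two reporting intervals. The second interval has extra traffic on one
# rarely hit port (the "measurable spike" described in the thread).
BASELINE = {22: 18450, 80: 9120, 135: 40210, 445: 61300, 1434: 27990, 31789: 3}
WITH_SPIKE = {**BASELINE, 31789: BASELINE[31789] + 400}

def detailed_report(counts):
    """Publish every port with its exact count."""
    return dict(sorted(counts.items()))

def coarse_report(counts, top_k=3, bucket=10000):
    """Publish only the top_k busiest ports, counts rounded down to a bucket."""
    top = sorted(counts.items(), key=lambda kv: kv[1], reverse=True)[:top_k]
    return {port: (n // bucket) * bucket for port, n in top}

def leaks(report_fn, before, after):
    """True if a reader of the published report can tell the intervals apart."""
    return report_fn(before) != report_fn(after)

def min_visible_change(report_fn, counts, port, limit=100000):
    """Smallest increase on `port` that alters the published report.

    Used here as a leakage metric: the larger the value, the less the
    report reveals about what any single sensor saw."""
    base = report_fn(counts)
    for extra in range(1, limit + 1):
        changed = {**counts, port: counts.get(port, 0) + extra}
        if report_fn(changed) != base:
            return extra
    return None  # nothing up to `limit` is visible in the report

if __name__ == "__main__":
    for name, fn in (("detailed", detailed_report), ("coarse", coarse_report)):
        print(name,
              "spike visible:", leaks(fn, BASELINE, WITH_SPIKE),
              "| min visible change on 31789:",
              min_visible_change(fn, BASELINE, 31789))
```

Coarsening raises the amount of traffic needed to move the report rather than making the sensors unobservable, so the setting trades report usefulness against leakage.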