Worms Could Dodge Net traps 58
Danse writes "ZDNet reports that future worms could evade a network of early-warning sensors hidden across the Internet unless countermeasures are taken. According to papers presented at the Usenix Security Symposium, just as surveillance cameras are sometimes hidden the locations of the Internet sensors are kept secret. From the article: 'If the set of sensors is known, a malicious attacker could avoid the sensors entirely or could overwhelm the sensors with errant data.' A team of computer scientists from the University of Wisconsin wrote up the background in their award-winning paper titled 'Mapping Internet Sensors with Probe Response Attacks.'"
Conclusion = obvious (Score:5, Insightful)
Solution: Don't open holes and then fill them with trip wires. Just fill up the hole (via patch or otherwise) in the first place.
But... (Score:2, Insightful)
I wonder how long before... (Score:5, Insightful)
We already have a form of White IC - simple detection, non-aggressive measures. How long before we have more active Grey IC - Tar Babies (similar to today's honey pots), Tar Pits, Blaster - and ultimately, Black IC - seeking out the source of the intrusion and in turn, destroying the origin of attack?
Would a big, multi-national corporation get punished for "accidentally" frying the computer of someone who was thought to be intruding into the corporation's computers? I seriously doubt it.
wow (Score:2, Insightful)
i know an easy fix.. i see in the paper "bandwidth for the fractional T3 attacker and the OC6 attacker could be achieved by using around 250 and 2,500 cable modems".. i wish more cable ISPs were responsive to abuse complaints, or would notice certain bot-like activity like many DDoS attacks coming from their network. hell i've read my sshd logs and was amazed at the amount of US cable/dsl scans. you know that's a bot at work.
That is to be expected (Score:5, Insightful)
Solution: Needs more sensors. (Score:2, Insightful)
Solution: Needs more sensors.
If the number of sensors is brought to the point where it becomes impractical to map them, voila no more sensor evasion.
This obviously would be harder to impliment than spoken. Maybe if a sensor implimentation came as an optional standard with server software.
Heh, I can speculate.
Or alternatively (Score:4, Insightful)
The number of companies getting fat over those needless insecurities is just gross...
Re:Conclusion = obvious (Score:4, Insightful)
Security isn't easy, and fixing holes with patches isn't easy. It takes time, skill and money. Placing a trip wire as a stop-gap measure is helpful, especially if the hole takes years to fix (without creating more holes).
If you can do better, then by all means do so. But the security war will never be won by those securing the systems.
You would like them to be that advanced (Score:3, Insightful)
In some cases (not always, unfortunately) this causes them to lose their account and thus their way to get replies and possible revenue.
What I would have liked is that they detected "when we send mail to this address we lose our account" and put that address on some blacklist to send no more scams.
But, this has not happened. So, I don't think there is any cleverness behind it, they just scatterbomb and hope the don't hit a whistleblower.