Worm propagation strategies in an IPv6 Internet
I like this paper, not only because it dispells a myth but it's also the same line of arguments I've been using for years. Thanks to Ismael for the tip.
We discuss a number of strategies worms could use in an IPv6-based Internet to find new targets. We separate these into two categories, wide-area and local-area searches, somewhat mirroring the IPv6 address architecture. We argue that worms will use different types of information sources to first determine existing networks and establish a presence there, and then spread locally inside an organization. We hope to illustrate that simple reliance on the IPv6 address space for protection against scanning worms is not a wise defensive strategy, and we suggest areas where research could assist in detecting and limiting future worm propagation.
Source: worm propagation strategies in an IPv6 Internet, Steven M. Bellovin, Bill Cheswick, and Angelos D. Keromytis.
February 11, 2006 in IPv6, papers | Permalink | Comments (1)
Fast Worm Propagation In IPv6 Networks
Another post which looks at the possible effects of an IPv6 Internet on worm propogation. Fast Worm Propagation In IPv6 Networks, by Jing Yang. This time it's a PowerPoint presentation, full of analysis and lots of bullet points. This slide deck is quite readable, by the way, even without any aditional notes. The author goes from a classic, "it would take eons to scan the entire IPv6 address space" to a position which shows, quite handily, how a worm could successfully operate in an IPv6 Internet and still be efficient (although maybe not as efficient as an IPv4 worm). A worthwhile read as we look ahead to IPv6 deployments seeing wider use.June 11, 2005 in IPv6, papers | Permalink | Comments (1)
The Effect of DNS Delays on Worm Propagation in an IPv6 Internet
Finally, a paper that look at the common idea that IPv6 networks will be safe from worm attacks.I think this paper says it better than I have been able to for the past couple of years.
It is a commonly held belief that IPv6 provides greater security against random-scanning worms by virtue of a very sparse address space. We show that an intelligent worm can exploit the directory and naming services necessary for the functioning of any network, and we model the behavior of such a worm in this paper. We explore via analysis and simulation the spread of such worms in an IPv6 Internet. Our results indicate that such a worm can exhibit propagation speeds comparable to an IPv4 random-scanning worm. We develop a detailed analytical model that reveals the relationship between network parameters and the spreading rate of the worm in an IPv6 world. We also develop a simulator based on our analytical model. Simulation results based on parameters chosen from real measurements and the current Internet indicate that an intelligent worm can spread surprising fast in an IPv6 world by using simple strategies. The performance of the worm depends heavily on these strategies, which in turn depend on how secure the directory and naming services of a network are. As a result, additional work is needed in developing detection and defense mechanisms against future worms, and our work identifies directory and naming services as the natural place to do it.
Source: The Effect of DNS Delays on Worm Propagation in an IPv6 Internet, Abhinav Kamra, Hanhua Feng, Vishal Misra and Angelos D. Keromytis.
June 10, 2005 in IPv6, papers | Permalink | Comments (1)
