david moore's analysis of code red: episode 0/1 is at
[funded by DARPA's ITO office NGI/NMS programs,
NSF ANIR, and CAIDA members, david a caida PI]
definitely check out jeff brown's animation at bottom;
watch carefully around 15:00 for pretty ominous elbow
in infection rate (get an epidemiologist to look at it
without telling them what it is...)
360,000 machines (well, IP addresses) infected
in under 14 hours.
..in the final analysis, we should all
be uncomfortable with the extent to which luck,
rather than proactive diligence, maintains the
stability of the Internet infrastructure.
it goes without saying that many hosts are still vulnerable.
and will likely remain so (to this or the next poison)
until our luck runs out. do we expect the next version
to have the two weaknesses christopher pointed out today?
do we expect the next version won't clear every 3rd bit on
the hard drive?
almost makes me wonder if some white hat might (should?) have
been behind CodeRed as some 'vaccination' attempt.
"The bad news is, nobody will do anything about
critical infrastructure protection until there's
a global catastrophic failure," said Rasch.
"The good news is, there will be a global catastrophic failure."
the worse news is: protecting 'critical infrastructure'
is far from enough. again from
This assault also demonstrates that machines operated by home
users or small businesses (hosts less likely to be maintained
by a professional sysadmin) are integral to the robustness of
the global Internet. As is the case with biologically active
pathogens, vulnerable hosts can and do put everyone at risk,
regardless of the significance of their role in the population.
fwiw, caida trying to do gentle survey of patching speed,
ps: john maddog hall (linux int'l) had a great slide a
few months ago at UCSD talk; upshot something like
INSTALLED BASE (EARTH)
+ 20 million linux systems
+ 450 million gates licenses
==> 4.4 - 6.6 % of the population total
... world population: ~6B
==> 5.4 billion people haven't selected an OS yet
[k: maybe we can get them on OS-antioxidants
before it's too late]