Hello all:
You might find this article interesting reading ...
Cheers, Nevil
-------------------------------------------------------------
Nevil Brownlee Internet Researcher
Phone: (858) 534 8338 CAIDA, San Diego
---------- Forwarded message ----------
Date: Tue, 24 Jul 2001 22:35:37 -0700
From: k claffy
To: nanog(a)nanog.org
Cc: caida(a)caida.org
Subject: 'we should all be uncomfortable with the extent to which luck..'
david moore's analysis of code red: episode 0/1 is at
http://www.caida.org/analysis/security/code-red/
[funded by DARPA's ITO office NGI/NMS programs,
NSF ANIR, and CAIDA members, david a caida PI]
definitely check out jeff brown's animation at bottom;
watch carefully around 15:00 for pretty ominous elbow
in infection rate (get an epidemiologist to look at it
without telling them what it is...)
360,000 machines (well, IP addresses) infected
in under 14 hours.
from conclusion:
//
..in the final analysis, we should all
be uncomfortable with the extent to which luck,
rather than proactive diligence, maintains the
stability of the Internet infrastructure.
//
it goes without saying that many hosts are still vulnerable.
and will likely remain so (to this or the next poison)
until our luck runs out. do we expect the next version
to have the two weaknesses christopher pointed out today?
do we expect the next version won't clear every 3rd bit on
the hard drive?
almost makes me wonder if some white hat might (should?) have
been behind CodeRed as some 'vaccination' attempt.
"The bad news is, nobody will do anything about
critical infrastructure protection until there's
a global catastrophic failure," said Rasch.
"The good news is, there will be a global catastrophic failure."
-- http://www.nando.net/technology/story/44887p-694372c.html
the worse news is: protecting 'critical infrastructure'
is far from enough. again from
http://www.caida.org/analysis/security/code-red/

  This assault also demonstrates that machines operated by home
  users or small businesses (hosts less likely to be maintained
  by a professional sysadmin) are integral to the robustness of
  the global Internet. As is the case with biologically active
  pathogens, vulnerable hosts can and do put everyone at risk,
  regardless of the significance of their role in the population.

fwiw, caida trying to do gentle survey of patching speed,
see http://worm-security-survey.caida.org/
k
ps: john maddog hall (linux int'l) had a great slide a
few months ago at UCSD talk; upshot something like
INSTALLED BASE (EARTH)
+ 20 million linux systems
+ 450 million gates licenses
==> 4.4 - 6.6 % of the population total
... world population: ~6B
==> 5.4 billion people haven't selected an OS yet
[k: maybe we can get them on OS-antioxidants
before it's too late]