{"title":"DNS延迟对IPv6网络中蠕虫传播的影响","authors":"A. Kamra, Hanhua Feng, V. Misra, A. Keromytis","doi":"10.1109/INFCOM.2005.1498526","DOIUrl":null,"url":null,"abstract":"It is a commonly held belief that IPv6 provides greater security against random-scanning worms by virtue of a very sparse address space. We show that an intelligent worm can exploit the directory and naming services necessary for the functioning of any network, and we model the behavior of such a worm in this paper. We explore via analysis and simulation the spread of such worms in an IPv6 Internet. Our results indicate that such a worm can exhibit propagation speeds comparable to an IPv4 random-scanning worm. We develop a detailed analytical model that reveals the relationship between network parameters and the spreading rate of the worm in an IPv6 world. We also develop a simulator based on our analytical model. Simulation results based on parameters chosen from real measurements and the current Internet indicate that an intelligent worm can spread surprising fast in an IPv6 world by using simple strategies. The performance of the worm depends heavily on these strategies, which in turn depend on how secure the directory and naming services of a network are. As a result, additional work is needed in developing detection and defense mechanisms against future worms, and our work identifies directory and naming services as the natural place to do it.","PeriodicalId":20482,"journal":{"name":"Proceedings IEEE 24th Annual Joint Conference of the IEEE Computer and Communications Societies.","volume":"1 1","pages":"2405-2414 vol. 4"},"PeriodicalIF":0.0000,"publicationDate":"2005-03-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"42","resultStr":"{\"title\":\"The effect of DNS delays on worm propagation in an IPv6 Internet\",\"authors\":\"A. Kamra, Hanhua Feng, V. Misra, A. Keromytis\",\"doi\":\"10.1109/INFCOM.2005.1498526\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"It is a commonly held belief that IPv6 provides greater security against random-scanning worms by virtue of a very sparse address space. We show that an intelligent worm can exploit the directory and naming services necessary for the functioning of any network, and we model the behavior of such a worm in this paper. We explore via analysis and simulation the spread of such worms in an IPv6 Internet. Our results indicate that such a worm can exhibit propagation speeds comparable to an IPv4 random-scanning worm. We develop a detailed analytical model that reveals the relationship between network parameters and the spreading rate of the worm in an IPv6 world. We also develop a simulator based on our analytical model. Simulation results based on parameters chosen from real measurements and the current Internet indicate that an intelligent worm can spread surprising fast in an IPv6 world by using simple strategies. The performance of the worm depends heavily on these strategies, which in turn depend on how secure the directory and naming services of a network are. As a result, additional work is needed in developing detection and defense mechanisms against future worms, and our work identifies directory and naming services as the natural place to do it.\",\"PeriodicalId\":20482,\"journal\":{\"name\":\"Proceedings IEEE 24th Annual Joint Conference of the IEEE Computer and Communications Societies.\",\"volume\":\"1 1\",\"pages\":\"2405-2414 vol. 4\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2005-03-13\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"42\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings IEEE 24th Annual Joint Conference of the IEEE Computer and Communications Societies.\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/INFCOM.2005.1498526\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings IEEE 24th Annual Joint Conference of the IEEE Computer and Communications Societies.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/INFCOM.2005.1498526","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
The effect of DNS delays on worm propagation in an IPv6 Internet
It is a commonly held belief that IPv6 provides greater security against random-scanning worms by virtue of a very sparse address space. We show that an intelligent worm can exploit the directory and naming services necessary for the functioning of any network, and we model the behavior of such a worm in this paper. We explore via analysis and simulation the spread of such worms in an IPv6 Internet. Our results indicate that such a worm can exhibit propagation speeds comparable to an IPv4 random-scanning worm. We develop a detailed analytical model that reveals the relationship between network parameters and the spreading rate of the worm in an IPv6 world. We also develop a simulator based on our analytical model. Simulation results based on parameters chosen from real measurements and the current Internet indicate that an intelligent worm can spread surprising fast in an IPv6 world by using simple strategies. The performance of the worm depends heavily on these strategies, which in turn depend on how secure the directory and naming services of a network are. As a result, additional work is needed in developing detection and defense mechanisms against future worms, and our work identifies directory and naming services as the natural place to do it.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
