Inside the slammer worm

被引：364

作者：

Moore, David ^{[1
]}

Paxson, Vern ^{[2
]}

Savage, Stefan ^{[3
]}

Shannon, Colleen ^{[4
]}

Staniford, Stuart ^{[5
]}

Weaver, Nicholas ^{[6
]}

机构：

[1] Coop. Assoc. for Internet Data Anal., University of California, San Diego

[2] Intl. Computer Science Institute, Lawrence Berkeley Natl. Laboratory

[3] University of California, San Diego

[4] Silicon Defense, University of California, Berkeley

来源：

IEEE Security and Privacy | 2003年 / 1卷 / 04期

基金：

美国国家科学基金会;

关键词：

Algorithms - Automatic teller machines - Bandwidth - Internet - Mathematical models - Monitoring - Outages - Perturbation techniques - Queueing networks - Servers;

D O I：

10.1109/MSECP.2003.1219056

中图分类号：

学科分类号：

摘要：

The characteristic features of spread of Slammer worm are discussed. The worm's spreading strategy uses random scanning which randomly selects IP addresses, eventually finding and infecting all susceptible hosts. Slammer's scanner is limited by each compromised machine's Internet bandwidth. Slammer uses a linear congruent or power residue pseudo random number generation (PRNG) algorithm. The scanner of Slammer produced a heavy load in large traffic volume, lots of packets and large number of new destinations.

引用

页码：33 / 39

页数：6

共 4 条

[1]

Staniford S., Paxson V., Weaver N., How to own the Internet in your spare time, Proc. 11th Security Symp. (SEC 02), pp. 149-167, (2002)

[2]

Moore D., Shannon C., Brown J., Code-red: A case study on the spread and victims of an Internet worm, Proc. 2nd ACM Internet Measurement Workshop, pp. 273-284, (2002)

[3]

Moore D., Network telescopes: Observing small or distant security events, 11th Usenix Security Symp. (SEC 02), (2002)

[4]

Moore D., Et al., Internet quarantine: Requirements for containing self-propagating code, Proc. 2003 IEEE Infocom Conf., (2003)

← 1 →