论文信息 - A Snapshot of Global Internet Worm Activity

A Snapshot of Global Internet Worm Activity

In this paper, we present a snapshot of Internet worm activity from September to November 2001, bearing witness to the rise of Nimda (and Nimda.E), the death of CodeRedII (and CodeRed.d), and a resurrection of the original CodeRed. We determine the demographics of the various worm-infected populations, and make predictions as to their future growth, attrition, and impact. These findings represent the early results of our ongoing research in “blackhole monitoring” – the instrumentation and analysis of an unused class A network, or 1/256 of the entire Internet address space, for evidence of global Internet attack activity.

[1] George M. Weaver,et al. Trends in Denial of Service Attack Technology CERT ® Coordination Center , 2001 .

[2] Kevin J. Houle,et al. Trends in Denial of Service Attack Technology , 2001 .

[3] Robert Stone,et al. CenterTrack: An IP Overlay Network for Tracking DoS Floods , 2000, USENIX Security Symposium.