Flash Worms

From: Stuart Staniford (stuart@silicondefense.com)
Date: 08/17/01

Message-ID: <3B7C69D1.9817DACF@silicondefense.com>
Date: Thu, 16 Aug 2001 17:48:17 -0700
From: Stuart Staniford <stuart@silicondefense.com>
To: incidents@securityfocus.com, focus-ids@securityfocus.com
Subject: Flash Worms

After reading Nick Weaver's excellent analysis of the Warhol worm idea (a
worm that can infect all vulnerable servers on the Internet in less than 15
minutes), we at Silicon Defense came up with a variant of his design that
could go faster.

We argue that a well-prepared and well-designed worm could infect all
vulnerable Internet servers in less than thirty seconds - something we are
calling a Flash Worm.

If you weren't already numb with terror about how to cope with what's
likely to come down your favorite Internet pipe in the next year or two:



Stuart Staniford     ---     President     ---     Silicon Defense
         ** Silicon Defense: Technical Support for Snort **
mailto:stuart@silicondefense.com  http://www.silicondefense.com/
(707) 445-4355 x 16                           (707) 445-4222 (FAX)

---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com