Sciweavers

CMS
2006

TAO: Protecting Against Hitlist Worms Using Transparent Address Obfuscation

14 years 26 days ago
TAO: Protecting Against Hitlist Worms Using Transparent Address Obfuscation
Abstract. Sophisticated worms that use precomputed hitlists of vulnerable targets are especially hard to contain, since they are harder to detect, and spread at rates where even automated defenses may not be able to react in a timely fashion. Recent work has examined a proactive defense mechanism called Network Address Space Randomization (NASR) whose objective is to harden networks specifically against hitlist worms. The idea behind NASR is that hitlist information could be rendered stale if nodes are forced to frequently change their IP addresses. However, the originally proposed DHCP-based implementation may induce passive failures on hosts that change their addresses when connections are still in progress. The risk of such collateral damage also makes it harder to perform address changes at the timescales necessary for containing fast hitlist generators. In this paper we examine an alternative approach to NASR that allows both more aggressive address changes and also eliminates the...
Spyros Antonatos, Kostas G. Anagnostakis
Added 30 Oct 2010
Updated 30 Oct 2010
Type Conference
Year 2006
Where CMS
Authors Spyros Antonatos, Kostas G. Anagnostakis
Comments (0)