Lec 13: Malware II: Network Worms and Botnets Flashcards Preview

CSE 127: Intro to Security > Lec 13: Malware II: Network Worms and Botnets > Flashcards

Flashcards in Lec 13: Malware II: Network Worms and Botnets Deck (58)
1

What are network worms?

2

How do network worms work?

3

What is the history behind worms?

4

What is the history of the Morris Internet Worm?

5

How does Morris Worm Transmission work?

6

How did Morris Worm Infection work?

7

How did the Morris Worm stealth/DoS work?

8

What is the history behind the modern worm era?

9

What are the technical enablers for worms?

10

How do we think about worm outbreaks?

11

What are the two things to think about when dealing with worm outbreaks and the SI model?

12

What can be done against worm outbreaks?

13

What is software quality prevention?

- against network worms

14

What are wrappers?

- network worm prevention technique

15

What is Software Heterogeneity?

- network worm prevention technique

16

What is the software updating prevention technique?

- network worm prevention

17

What is the known exploit blocking prevention technique?

- network worm prevention

18

What is hygiene enforcement?

- network worm prevention technique

19

What is network worm treatment? What are the two issues with it?

20

What are white worms?

21

What is network worm containment? What are the two types of containment?

22

What are the requirements for quarantining network worms? How can we define reactive defenses?

23

What makes worm containment difficult?

24

What is Slammer (2003)?

- network worm

25

Was Slammer really fast?

26

Network worm outbreak detection/monitoring. What are the two classes of monitors?

27

What are network telescopes?

28

Why do telescopes work?

29

What is Code Red's growth vs. its patch rate?

30

What is the global animation of an outbreak?

31

What are the problems with telescopes?

32

What are the overall limitations of telescope, honey net, etc. monitoring?

33

How do you detect worms on your network?

34

What is scan detection?

35

What is signature inference?

36

What is the approach for signature inference?

37

What is content sifting?

38

What does the content sifting algorithm look like in a diagram?

39

What are the challenges to content sifting?

40

What is Earlybird?

41

What are the results of Earlybird?

42

What is UCSD's relationship with content sifting technologies?

43

What are the limitations to content sifting?

44

What are distributed detection issues? What do we do about it?

45

So you've taken over 100,000 machines, now what?

46

What is a botnet?

47

What is the history of botnets?

48

What is the first major motivation of botnets?

49

How do botnets get created?

50

What is the architecture of a botnet?

51

What is the Storm peer-to-peer botnet?

- type of botnet architecture

52

What is the Agobot?

53

What are some of the Agobot Commands?

54

How do bots build on one another?

55

How do you detect botnets?

56

How do you disrupt bots?

57

What is command and control disruption?

58

What gets in the way of cleaning bots?