CSE 127: Intro to Security, Lec 13: Malware II: Network Worms and Botnets Flashcards

Flashcards in Lec 13: Malware II: Network Worms and Botnets Deck (58)
1
Q

What are network worms?

A
2
Q

How do network worms work?

A
3
Q

What is the history behind worms?

A
4
Q

What is the history of the Morris Internet Worm?

A
5
Q

How does Morris Worm Transmission work?

A
6
Q

How did Morris Worm Infection work?

A
7
Q

How did the Morris Worm's stealth/DoS work?

A
8
Q

What is the history behind the modern worm era?

A
9
Q

What are the technical enablers for worms?

A
10
Q

How do we think about worm outbreaks?

A
11
Q

What are the two things to think about when dealing with worm outbreaks and the SI model?

A
12
Q

What can be done against worm outbreaks?

A
13
Q

What is software quality prevention?

A
  • against network worms
14
Q

What are wrappers?

A
  • network worm prevention technique
15
Q

What is Software Heterogeneity?

A
  • network worm prevention technique
16
Q

What is the software updating prevention technique?

A
  • network worm prevention
17
Q

What is the known exploit blocking prevention technique?

A
  • network worm prevention
18
Q

What is hygiene enforcement?

A
  • network worm prevention technique
19
Q

What is network worm treatment? What are the two issues with it?

A
20
Q

What are white worms?

A
21
Q

What is network worm containment? What are the two types of containment?

A
22
Q

What are the requirements for quarantining network worms? How can we define reactive defenses?

A
23
Q

What makes worm containment difficult?

A
24
Q

What is Slammer (2003)?

A
  • network worm
25
Q

Was Slammer really fast?

A
26
Q

Network worm outbreak detection/monitoring. What are the two classes of monitors?

A
27
Q

What are network telescopes?

A
28
Q

Why do telescopes work?

A
29
Q

What is Code Red's growth rate vs its patch rate?

A
30
Q

What is the global animation of an outbreak?

A
31
Q

What are the problems with telescopes?

A
32
Q

What are the overall limitations of telescope, honey net, etc. monitoring?

A
33
Q

How do you detect worms on your network?

A
34
Q

What is scan detection?

A
35
Q

What is signature inference?

A
36
Q

What is the approach for signature inference?

A
37
Q

What is content sifting?

A
38
Q

What does the content sifting algorithm look like in a diagram?

A
39
Q

What are the challenges to content sifting?

A
40
Q

What is Earlybird?

A
41
Q

What are the results of Earlybird?

A
42
Q

What is UCSD’s relationship with content sifting technologies?

A
43
Q

What are the limitations to content sifting?

A
44
Q

What are distributed detection issues? What do we do about it?

A
45
Q

So you’ve taken over 100,000 machines, now what?

A
46
Q

What is a botnet?

A
47
Q

What is the history of botnets?

A
48
Q

What is the first major motivation of botnets?

A
49
Q

How do botnets get created?

A
50
Q

What is the architecture of a botnet?

A
51
Q

What is the Storm peer-to-peer botnet?

A
  • type of botnet architecture
52
Q

What is the Agobot?

A
53
Q

What are some of the Agobot Commands?

A
54
Q

How do bots build on one another?

A
55
Q

How do you detect botnets?

A
56
Q

How do you disrupt bots?

A
57
Q

What is command and control disruption?

A
58
Q

What gets in the way of cleaning bots?

A