Before Morris Worm,Computer Security is: Encryption Decryption Access Control ·DAC ·MAC ·Logic Bomb Back Door 6
6 Before Morris Worm, Computer Security is: • Encryption & Decryption • Access Control • DAC • MAC • Logic Bomb • Back Door
Until 1988... Access Control Encryption Decryption Computer Security Logic Bomb Back Door
7 Until 1988… Access Control Encryption & Decryption Logic Bomb Back Door … Computer Security ≠
Morris Worm Author:Robert Tappan Morris Generating IP address(Randomly) Address detection Y Attack, Is the host Is the & real? Vulnerability Infection exist? N N 8
8 Morris Worm Generating IP address(Randomly) Address detection Is the host real? Is the Vulnerability exist? Attack, & Infection Y Y N N Author: Robert Tappan Morris
Morris Worm Vulnerability:Buffer Overflow Attack Infection Hijack control flow execute SHELLCODE Add the virus to the head or tail of the program 9
9 Morris Worm • Vulnerability: Buffer Overflow • Attack & Infection • Hijack control flow & execute SHELLCODE • Add the virus to the head or tail of the program
Effect of Morris Worm The U.S.Government Accountability Office put the cost of the damage at $100,000-10,000,000. Around 6,000 major UNIX machines were infected by the Morris worm(about 60,000 computers attached to the Internet). Prompted DARPA to fund the establishment of the CERT/CC at Carnegie Mellon University 10
10 Effect of Morris Worm • The U.S. Government Accountability Office put the cost of the damage at $100,000–10,000,000. • Around 6,000 major UNIX machines were infected by the Morris worm(about 60,000 computers attached to the Internet). • Prompted DARPA to fund the establishment of the CERT/CC at Carnegie Mellon University