Dmitry O. Gryaznov, Network Associates Inc.
Taking down the Internet
Today, with hundreds of millions of not-so-computer-savvy users worldwide having broadband access to the Internet, the dangers of Distributed Denial of Service (DDoS) attacks have become very real. It is feasible to mount such an attack, involving hundreds of thousands of compromised and/or infected computers, on so large a scale as to practically shut down not only individual sites or Internet Service Providers (ISPs) but the Internet as a whole. Internet users are being spammed and flooded with numerous backdoor Trojans disguised as something else, delivered through email, Usenet, Internet Relay Chat (IRC), peer-to-peer (P2P) networks, etc. Many such Trojans can be used to mount a DDoS attack. As an illustration of what can be achieved with a big enough number of compromised computers, the case of the W32/SQLSlammer virus is considered. At the height of its outbreak, up to 20% of all IP packets were lost, dropped by overloaded Internet backbone routers, and the virus managed to infect hundreds of thousands of computers worldwide in a matter of mere minutes. An explanation of how it happened and a comparison to other fast-spreading viruses will be provided. An animated map showing the rapid spread of W32/SQLSlammer around the world during the first five minutes of the outbreak will be shown.