Wednesday, February 28, 2007
Continuation to Did you know series?
The code red worm is a computer worm that attacked computers running the Microsoft IIS web server. Within a week of its release (July 13th 2001) it had infected 3590000 users. It made use of the vulnerability in the indexing software distributed with IIS called as buffer overflow. This worm along with others like slammer, nimda etc are all fast scanning worms. The effectiveness of these worms can be argued to the fact that IPv4 addresses are only 32 bit long thus allowing exhaustive search. This can make one believe that adoption of the 128bit IPv6 addressing should stem the speed due to it sparse address spacing of these worms assuming that the number of internet users dont go up by similar factor. The work factor for finding a target in an IPv6 Internet will increase by approximately 2 to the power 96, rendering random scanning prohibitively expensive. This raises a good point of discussion if this can be a good solution.