The UCSD Network Telescope

The UCSD Network Telescope provides a unique vantage point for
monitoring security events that affect the Interenet as a whole,
including distributed denial-of-service attacks, internet worms, and
targeted scanning behavior.

This talk will explain the network telescope motivation and architecture
and describe recent trends in denial-of-service and Internet worm
activity.

Although it received little media attention, the Witty worm was the
first widely-propagated Internet worm to carry a destructive payload.
It also had a number of other unique and disturbing characteristics,
including being the first Internet worm kicked off in a coordinated
manner using a large number of previously compromised hosts, spreading
by infecting a security (firewall) product, and demonstrating
conclusively that a worm with a small vulnerable population can be
effective.


Bio:
Colleen Shannon is a staff researcher at CAIDA (the Cooperative
Association for Internet Data Analysis).  She leads the network
telescope work within CAIDA; her research interests focus particularly
on examining network security.  She recently authored a study of the
spread of the Witty worm, prominently featured in the current issue of
IEEE Security and Privacy magazine.  In the past, she pioneered a method
of localtime analysis of host behavior that helps to identify the
function of machines infected with an Internet worm.
She recently assessed the viability of using current technology to
automatically block the propagation of Internet worms.  Colleen also has
experience at developing easily navigable, user-friendly web interfaces
to datasets.  The results of Colleen's recent collaboration with five
other researchers in analyzing the SQL Slammer worm was a top story of
the July/August 2003 issue of the IEEE Security and Privacy Magazine.