[ISN] Researchers discover new method of stealth computing

From: InfoSec News (isnat_private)
Date: Wed Aug 29 2001 - 22:39:17 PDT

  • Next message: InfoSec News: "[ISN] Don't Get Mad At SirCam, Get Even"

    [The Notre Dame scientists might be suprised to know how many parties
    are using Back Orifice 2000 to make significant gains on their
    Seti@Home & Distributed.net scores :)   - WK]
    Wednesday, Aug. 29, 2001 
    SAN JOSE, Calif. (AP) -- Uncovering a new but relatively benign
    Internet vulnerability, researchers tricked Web servers around the
    world into solving math problems without permission.
    Unlike hackers who exploit flaws to gain direct access to machines,
    the University of Notre Dame computer scientists created a simple
    virtual computer by relying on the protocols used in everyday Internet
    Each problem was broken down into smaller components that were
    evaluated by the unknowing servers located in North America, Europe
    and Asia. The results from each were used to build a solution.
    The process works a lot like distributed computing, which draws
    massive processing power from multiple Internet-connected computers
    for such tasks as searching for alien life and cracking encryption
    In parasitic computing, however, the work is performed without the
    server owner's knowledge or permission.
    Because parasitic computing traffic masquerades as regular network
    requests -- and is no more challenging to process -- it is unlikely
    that any laws were broken.
    Still, the approach raises some ethical questions, said Vincent Freeh,
    a Notre Dame computer science professor and study co-author. ``When
    you're on the road, do you use a McDonald's restroom without buying a
    hamburger?'' he said. ``That's the ethics of what we're dealing
    The research, reported in Thursday's journal Nature, is primarily an
    academic exercise. For one, sending out data over the Internet
    requires more work than the simple problems solved by the virtual
    ``In no case did we say it could be efficiently exploited,'' Freeh
    By more cleverly breaking down complex problems and running remote
    computations in parallel, it might be possible to improve the
    efficiency. The Notre Dame team, however, set up their system only as
    a proof of concept.
    The attack sends less data to a server than a typical request for a
    Web page.
    The researchers did not disclose targeted servers, except to say they
    were distributed around the world. Nobody noticed their masqueraded
    data packets, which were insignificant compared to regular Internet
    More widespread attempts at the exploit could have the same effect as
    a denial of service attack -- in which the server is so busy
    processing bogus data that it cannot perform its intended job.
    Still, anyone attempting to overload a machine is better off with the
    usual tactic of useless data, said Scott Blake, director of security
    strategy at BindView Corp., a network security firm.
    ``If you're going to flood the machine, you're better off flooding it
    with dumb data,'' he said. ``Being able to do (computations) depends
    on getting valid data from the system you're targeting. If you're
    overloading it, you're not going to get any data.''
    Because the attack involves ubiquitous networking components required
    for the Internet to operate, it would be difficult to stop similar
    attempts to harness computing power, security experts said.
    In particular, the exploit uses a calculation called the checksum --
    used to confirm that information is not corrupted during transmission
    -- in what is known as the Transmission Control Protocol. Even though
    TCP is used in all Internet communication, it is unlikely that the
    technique will be exploited because the system is simply too
    inefficient, Blake said.
    ``We don't think anyone should think their computer is going to be
    used for nefarious purposes,'' he said. ``This is entirely
    theoretical. I'm not convinced there is going to be a practical
    application of it.''
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Thu Aug 30 2001 - 03:21:50 PDT