Leveraging honest users: stealth command-and-control of botnets
WOOT'13 Proceedings of the 7th USENIX conference on Offensive Technologies
| Hi-index | 0.00 |
In recent years, many IPv6 networks have been deployed, and the security issues of which arouse more and more public concern. It is commonly believed that IPv6 provides greater security against random-scanning worms by virtue of a very large address space. However, a clever worm can develop a more intelligent scanning strategy to find target hosts. This paper presents a worm which uses the p2p-based hit-list scan strategy to propagate. This worm applied a two-level scanning mechanism to find its targets in IPv6 internet. Based on this idea, we model the behavior of such a worm, and simulation is performed to validate the worm propagation model. Research results demonstrate that this worm can significantly promotes worm propagation in IPv6 internet. We hope that our work can assist in detecting and limiting future worm propagation.