[RC5] RC5 keys aren't the only things being cracked by the million.

Martin Harvey martin at pergolesi.demon.co.uk
Wed Oct 13 20:50:14 EDT 1999


The following URL came to my attention recently, and seems to have been
(in part) inspired by d.net.

http://www.viacorp.com/auditing.html

It basically details an attempt to determine the security of most
machines on the net, doing things "distributed.net style" : Compile a
list of basic security flaws to check for, a list of machines to check
them on, and throw hardware at it.

Quick quote:

<<
In our case, we ended up scanning around 36 million IPs, which we
estimate
covered 85 percent of the active address space at the time.
>>

d.net people may be interested by the following excerpt, which envisions
a distributed effort to maintain security across the net:

<<
=== A minor detour, introducing IDDN.
    (the International Digital Defense Network)

All of this brings us to an interesting idea we've been playing around
with that could dramaticly influence Internet security for the good,
if / when it is eventually implemented.  Frankly, the idea deserves an
article of it's own, but since we are so busy, we will introduce it
here.

Inspired by the high response to cryptographic key challenges,
distributed.net and the SETI effort, we vision a non-profit
foundation, which we like to ambitiously call IDDN, the International
Digital Defense Network, working in the public interest to organize
massively distributed scanning efforts which routinely probe the
Internet for security vulnerabilities. 10,000 participants could
finish a scan cycle every 2-3 days at an insignificant, single JPM
each. At the end of a cycle, an automated system could draw the
attention of administrators worldwide to some of their local security
problems, and offer whatever information and solutions (bug-fixes,
patches, workarounds) it has on database (patches, advisories,
exploits). In our opinion, such an effort is highly practical and
could contribute more to the stability and security of the Internet
then the traditional (somewhat pointless?) bruteforce crypto key
challenges. We believe organizing an Internet neighborhood-watch of
sorts is in everyone's interests, especially the Internet's commercial
industry which depend on the Internet to eventually fulfill it's
potential for global electronic commerce.

We do not have the time or resources to get the IDDN off the drawing
board by ourselves and would be interested in the community's input
on this issue.
>>

--
Martin Harvey.
New email address!!!!!!!!
martin at pergolesi.demon.co.uk
http://www.pergolesi.demon.co.uk


--
To unsubscribe, send 'unsubscribe rc5' to majordomo at lists.distributed.net
rc5-digest subscribers replace rc5 with rc5-digest



More information about the rc5 mailing list