Cost of Worm Attack Protection

Sean Donelan sean at donelan.com
Thu Nov 13 17:34:44 UTC 2003


On Thu, 13 Nov 2003 sgorman1 at gmu.edu wrote:
> I was hoping to get some estimates from folks on the costs of defending
> networks from various worm attacks.  It is a pretty wide open question,
> but if anyone has some rough estimates of what it costs per edge,
> manpower vs. equipment costs, or any combination thereof it would be of
> great assistance.  We are doing some simulations of attack and defense
> strategies and looking for some good metrics to plug into a cost benefit
> model.  We'd be happy to share the results if anyone is interested as
> well.

I don't know of any existing worms that attack Cisco or Juniper or other
network backbone equipment.  For an NSP or ISP, worms are primarily an issue
of capacity planning.

According to bankruptcy filings, companies such as Worldcom spent billions
increasing their backbone capacity throughout the 1990's.  So the
backbones still have a massive capacity glut. But I don't know if they
increased their network capacity due to worms or for other reasons. If
the worms don't cause problems for the network provider, what should they
do?

On the other hand, would it make the problem worse?  The US Forest Service
used to have a policy of aggressively fighting all forest fires.  This
resulted in a build-up of fuel load throughout the forest lands, and then
massive forest fires.  The regular smaller fires served an important
purpose in the eco-system, and limited the fuel load.

If NSPs aggressively blocked worms, would this result in end-users doing
even less than they currently do to keep their systems up to date and
protected?  Then instead of the occasional 1% to 5% infection rate for
worms, would we be faced with a user population with even worse defenses
than they have now?  You often see this effect in enterprise networks with
massive firewalls on the perimeter, and no protection on the inside.  When
a worm gets past the perimeter firewall, it wreaks havoc on the
out-of-date systems in the enterprise.




More information about the NANOG mailing list