Monday, September 10, 2007

Need to choose

I'm also having to decide (shortly) on a topic for this semester's term paper. As I blogged previously, Rob has encouraged me to work on one of the IPv6 vulnerabilities. I've tried to counter with an analysis of FastFlux. Both look interesting.

The IPv6 work would be more directly related to the "Attacks" class. Rob suggested it knowing that I'm one of the few students with IPv6 at home.

I'm interested in the FastFlux problem but I'm wary of where it might lead (remember, the problem is based on problems within the domain registration infrastructure). Then, too, it may also run into one of any number of dead ends, as there is a massive bureaucracy between ICANN and the hosting providers, with the registrars in the middle. Without the ability to subpoena a number of people, investigation is limited to what you can extract via the local terminal window. Corruption at the hosting provider or registrar makes it that much more difficult.

I'm a bit discouraged but not yet put off by that. Initial investigation of two FastFlux domains shows a massive number of systems attached to the Storm Worm (amazing since, for most of those boxes, someone had to click on "Click here" to get infected).

In any case, I've got to choose soon. Rob's deadline is coming up fast.