Comment Re:Neat (Score 1) 101
I can't access the paper to check, but I think it is the same paper I read when it first came out in 2005 (search scholar.google.com for "Collaborative Internet worm containment"). They gave a possible fix for p2p traffic at least by examining the number of unique connections made over a long period of time (say 1 month). If 10,000 unique connections were made within the course of the one month time frame the threshold would be breached. If I remember correctly they found out that the average user who uses filesharing programs for most of the time still only makes about 4000 UNIQUE connections over a one month period. A worm on the other hand would reach that limit within seconds identifying itself even over a program that normally makes a lot of connections.
I think they also note that this only works for fast worms and not stealth ones that take their time to propagate.
Still, it is an interesting idea and one that I made a few references to in my research at the time!
I think they also note that this only works for fast worms and not stealth ones that take their time to propagate.
Still, it is an interesting idea and one that I made a few references to in my research at the time!
