By Topic

An analysis of the Slapper worm

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

2 Author(s)
Arce, I. ; Core Security Technol., Boston, MA, USA ; Levy, E.

We can prove that the Slapper is a variation of the Apache Scalper worm by comparing the source code. Modifications introduced in the Slapper worm improved the robustness and efficiency of its predecessor's simplistic P2P networking capabilities. Slapper's author also removed certain features from the original-either because they were redundant or to reduce the perception that it was a tool developed to cause direct harm to networks. Among the features the author removed from the Slapper were capabilities to update itself from a remotely specified Web server (perhaps to prevent someone else from replacing this version with a new one), to attack and infect a host specified with a controlling program, and to send spans. Interestingly, the ability to execute distributed denial-of-service attacks on a controlling user's behalf was kept intact. Slapper's author attempted to make communications with a remote controlling program as stealthy and untraceable as possible by removing several commands to query status and obtain feedback from Slapper nodes.

Published in:

Security & Privacy, IEEE  (Volume:1 ,  Issue: 1 )