Internet Quarantine: Requirements for containing self-propagating code David Moore, Colleen Shannon, Geoffrey M. Voelker and Stefan Savage The paper studies various strategies to contain worm outbreaks on the Internet, and tries to identify characteristics that are required for an architecture to succeed. The authors consider three types of a tions to react to such infections -- prevention, treatment and containment. They argue that containment is the most viable of the three, given the speed of infection and the human intervention required in the other two. They classify containment strategies based on three parameters -- reaction time, containment strategy and deployment scenario, and use models and simulation to study the effects of each of these, using data from the Code Red breakout. They conclude that containment must be completely automated and extremely rapid and block all paths within minutes if it is to succeed. Content filtering better than address blacklisting. The paper models a grim future, since none of the schemes proposed can really resist a well-constructed worm in the Internet today. * ISPs colluding to filter traffic was suggested as a feasible solution; this works well if most traffic does go through a few ISPs, but also raises the spectre of these ISPs colluding to censor traffic. * Completely automated solutions may themselves prove a point of attack, possibley for denial-of-service attacks. Vote: 4 Accept, 2 Reject