Taking Down the Internet

Presentation transcript:

Taking Down the Internet
Dmitry O. Gryaznov, Sr. Research Architect

Date: Sat, 25 Jan 2003 05:34:07 GMT
- South Korea “disappears”
- Troubles with U.S. ATMs and flight ticketing
- General Internet slowdown: up to 20% of IP packets lost
11/22/2018

W32/SQLSlammer
- Only 376 bytes long
- Exploits a buffer overflow in MS SQL Server
- Spreads by sending itself to UDP port 1434 at random IP addresses
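
Detection logic for the propagation pattern on this slide, added here as an example and not part of the presentation: it flags any source that sends 376-byte datagrams to UDP port 1434 at many distinct addresses within one second. The flow-log format, the sample lines, the threshold and the reading of 376 bytes as the UDP payload length are assumptions.

```python
from collections import defaultdict, deque

SLAMMER_PORT = 1434   # UDP port named on the slide
SLAMMER_LEN = 376     # worm size from the slide; assumed to be the UDP payload length

# Constructed flow records: "ts src dst proto dport payload_len"
SAMPLE_FLOWS = """
0.00 10.0.0.5 192.0.2.17 udp 1434 376
0.01 10.0.0.5 198.51.100.203 udp 1434 376
0.02 10.0.0.9 10.0.0.20 udp 1434 1
0.03 10.0.0.5 203.0.113.88 udp 1434 376
0.04 10.0.0.5 192.0.2.140 udp 1434 376
0.05 10.0.0.7 10.0.0.1 udp 53 40
0.06 10.0.0.5 198.51.100.9 udp 1434 376
0.07 10.0.0.5 203.0.113.251 udp 1434 376
2.50 10.0.0.9 10.0.0.20 udp 1434 1
""".strip().splitlines()

def parse_flow(line):
    """Split one constructed flow record into typed fields."""
    ts, src, dst, proto, dport, plen = line.split()
    return float(ts), src, dst, proto.lower(), int(dport), int(plen)

def find_scanners(lines, window=1.0, min_targets=5):
    """Return {src: peak distinct destinations within `window` seconds} for
    sources sending 376-byte UDP/1434 datagrams to >= min_targets hosts."""
    recent = defaultdict(deque)   # src -> (ts, dst) pairs still inside the window
    peak = {}
    for ts, src, dst, proto, dport, plen in sorted(map(parse_flow, lines)):
        if proto != "udp" or dport != SLAMMER_PORT or plen != SLAMMER_LEN:
            continue              # a benign single-server lookup never matches
        q = recent[src]
        q.append((ts, dst))
        while q and ts - q[0][0] > window:
            q.popleft()           # expire records older than the window
        targets = len({d for _, d in q})
        if targets >= min_targets:
            peak[src] = max(peak.get(src, 0), targets)
    return peak

if __name__ == "__main__":
    for src, n in find_scanners(SAMPLE_FLOWS).items():
        print(f"{src}: {n} distinct UDP/1434 targets within 1 s")
```

The host at 10.0.0.9 also talks to UDP port 1434 but to a single server with a short request, so the fan-out and length conditions keep it out of the result.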

Mass-mailing viruses
- Send thousands of copies by e-mail
- Can affect mail servers badly
- Need to connect to a mail server and follow a mail protocol
- Require a user

Sample SMTP session
Client: (connects to TCP port 25)
Server: 220 SMTP ready
Client: HELO mydomain.net
Server: 250 Welcome
Client: MAIL FROM:<me@mydomain.net>
Server: 250 Sender OK
Client: RCPT TO:<you@yourdomain.net>
Server: 250 Recipient OK
Client: DATA
Server: 354 Send the data
Client: (message content)
Client: .
Server: 250 Accepted for delivery
Client: QUIT
Server: 221 Bye

Typical daily @mm chart

CodeRed and the like
- Exploit vulnerabilities in TCP servers (e.g. a buffer overflow in MS IIS)
- Need to connect to a server and follow a protocol (e.g. HTTP)
- Do NOT require a user
- Do not affect the Internet noticeably

Sample HTTP session
Client (connects to TCP port 80):
    GET /us/index.asp HTTP/1.0
    Host: www.somewhere.net
Server:
    HTTP/1.1 200 OK
    Server: Microsoft-IIS/5.0
    Last-Modified: Tue, 23 Sep 2003 00:41:05 GMT
    Content-Length: 43585
    Content-Type: text/html
    Connection: close
    (43585 bytes of data)

CodeRed.c (aka CodeRed II)

Slammer
- Connectionless UDP, “shoot and forget”
- A single infected PC exhausts 100 Mbps bandwidth – over 30,000 “shots” per second; could attack each and every computer on the Internet in less than a day
- Much faster in reality – “chain reaction”; took 10-15 minutes to reach its saturation level at 100-200 thousand infected computers worldwide
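
The “chain reaction” on this slide can be written as a random-scanning epidemic model; the code below is an added example, not part of the presentation. It assumes every infected host probes uniformly random IPv4 addresses at the slide's 30,000 per second with no congestion and a single initial infection, so its result is a lower bound on spread time and shows how small the response window is.

```python
import math

IPV4_SPACE = 2 ** 32  # assumption: targets drawn uniformly from all IPv4 addresses

def growth_rate(vulnerable, scans_per_sec, space=IPV4_SPACE):
    """Early-phase growth rate beta: new infections per infected host per second."""
    return scans_per_sec * vulnerable / space

def doubling_time(vulnerable, scans_per_sec):
    """Seconds for the infected population to double while few hosts are infected."""
    return math.log(2) / growth_rate(vulnerable, scans_per_sec)

def infected_at(t, vulnerable, scans_per_sec, initial=1):
    """Logistic solution of dI/dt = beta * I * (1 - I/N) with I(0) = initial."""
    beta = growth_rate(vulnerable, scans_per_sec)
    return vulnerable / (1 + (vulnerable / initial - 1) * math.exp(-beta * t))

def time_to_fraction(fraction, vulnerable, scans_per_sec, initial=1):
    """Seconds until `fraction` of the vulnerable population is infected."""
    beta = growth_rate(vulnerable, scans_per_sec)
    odds = fraction / (1 - fraction)
    return math.log(odds * (vulnerable / initial - 1)) / beta

if __name__ == "__main__":
    rate = 30_000                      # probes per second per host, from the slide
    for n in (100_000, 200_000):       # saturation range given on the slide
        print(f"N={n}: doubling {doubling_time(n, rate):.2f} s, "
              f"90% infected after {time_to_fraction(0.9, n, rate):.1f} s")
```

Under these assumptions the model saturates in seconds rather than the 10-15 minutes observed, because it lets every host scan at the full rate of a 100 Mbps link.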

Slammer hits per hour

Slammer hits per minute

Slammer hits per 10 seconds

Slammer: First 5 minutes

Slammer: First 5 minutes

Is it possible to take down the Internet?
- 100-200 thousand Slammer-infected computers – 20% IP packets lost
- 1,000,000 computers - ?
- 580,000,000 Internet users worldwide
- Over 14,000 different “backdoors” in Usenet in May-June 2003; millions of readers
- IRC, P2P, etc.

Slammer: First 5 minutes

The WildList: Asia
Source: WildList Org.

The WildList: Israel
Source: WildList Org.

The WildList: India
Source: WildList Org.

The WildList: Japan - Seiji Murakami (IPA)
Source: WildList Org.

The WildList: Korea
Source: WildList Org.

The WildList: Australia
The interesting thing about Australia's reports is that things are "rotating" in and out (viruses older than a year fall off the list). Australia also tends to report viruses earlier than other countries, and the other countries then confirm the presence of the viruses in the wild.
Source: WildList Org.

The WildList: Asia
Source: WildList Org.