Sapphire/Slammer Worm

Slides:



Advertisements
Similar presentations
Routing Items from IAB Utrecht Workshop Geoff Huston IAB.
Advertisements

Henk Uijterwaal. APNIC, 6 February 2014, Amsterdam. 1 RIPE NCC Routing Information Service Status and plans Arife Coltekin, Luigi.
Modeling Inter-Domain Routing Protocol Dynamics ISMA 2000 December 6, 2000 In collaboration with Abha, Ahuja, Roger Wattenhofer, Srinivasan Venkatachary,
Code-Red : a case study on the spread and victims of an Internet worm David Moore, Colleen Shannon, Jeffery Brown Jonghyun Kim.
Henk Uijterwaal. IEPG, May 6, Routing Beacons Henk Uijterwaal RIPE NCC New Projects Group IEPG May.
1 Routing Worm: A Fast, Selective Attack Worm based on IP Address Information Cliff C. Zou, Don Towsley, Weibo Gong, Songlin Cai Univ. Massachusetts, Amherst.
DNS DOMAIN NAME SYSTEM NAME SYSTEM By Lijo George.
 Population: N=100,000  Scan rate  = 4000/sec, Initially infected: I 0 =10  Monitored IP space 2 20, Monitoring interval:  = 1 second Infected hosts.
Copyright Silicon Defense Worm Overview Stuart Staniford Silicon Defense
INE 3010Lab. National NSP Regional NSP Internet Exchange IX / NAP.
A Measurement Framework for Pin-Pointing Routing Changes Renata Teixeira (UC San Diego) with Jennifer Rexford (AT&T)
Delayed Internet Routing Convergence Craig Labovitz, Abha Ahuja, Abhijit Bose, Farham Jahanian Presented By Harpal Singh Bassali.
Protecting the BGP Routes to Top Level DNS Servers NANOG-25, June 11, 2002 UCLA Lan Wang Dan Pei Lixia Zhang USC/ISI Xiaoliang Zhao Dan Massey Allison.
1 The Spread of the Sapphire/Slammer Worm D. Moore, V. Paxson, S. Savage, C. Shannon, S. Staniford, N. Weaver Presented by Stefan Birrer.
DARPA NMS PI Meeting November 14, 2002 Understanding BGP in Action Dan Massey USC/ISI.
Scaling IXPs Scalable Infrastructure Workshop. Objectives  To explain scaling options within the IXP  To introduce the Internet Routing Registry at.
Computer networks research roma III university inter-domain routing, ipv6, and network visualization giuseppe di battista maurizio patrignani.
Research on design and implementation of Internet measurement infrastructure Lv Jun Aug 28, 2003.
BGP ANYCAST Simulations Using GTNetS (work in progress) Talal Jaafar Georgia Tech & CAIDA.
Efficient Algorithms for Large-Scale Topology Discovery Benoit Donnet joint work with Philippe Raoult, Timur Friedman and Mark Crovella Sigmetrics 2005.
Henk Uijterwaal. NANOG-26, October 29, New Services from the RIPE NCC Henk Uijterwaal.
ETRI meeting (Feb 16, 2005) -- Dongkee LEE 1 Sapphire/Slammer worm impact on Internet routing Dongkee LEE.
Root Server Attacks on 6 Feb 2007 A perspective from the L Root Server Steve Conte - ICANN / L Root
Connect. Communicate. Collaborate Experiences with tools for network anomaly detection in the GÉANT2 core Maurizio Molina, DANTE COST TMA tech. Seminar.
TDTS21: Advanced Networking Lecture 7: Internet topology Based on slides from P. Gill and D. Choffnes Revised 2015 by N. Carlsson.
Modeling Worms: Two papers at Infocom 2003 Worms Programs that self propagate across the internet by exploiting the security flaws in widely used services.
Tony McGregor RIPE NCC Visiting Researcher The University of Waikato DAR Active measurement in the large.
Doubletree: a Way to Reduce Redundancy in Traceroute Systems Benoit Donnet joint work with P. Raoult, T. Friedman and M. Crovella CAIDA – San Diego (Sept.
APAN 2000 Conference1 Internet Backbone Routing Masaki Hirabaru ISIT, Japan / Merit Network, US.
Detecting Attacks on Internet Infrastructure and Monitoring of Service Restoration in Real Time Andy Ogielski FCC Workshop on Cyber Security 30 September.
1 On the Performance of Internet Worm Scanning Strategies Authors: Cliff C. Zou, Don Towsley, Weibo Gong Publication: Journal of Performance Evaluation,
1 DNSMON DNS Server Monitoring RIPE NCC 3 December 2015.
Worm Defense Alexander Chang CS239 – Network Security 05/01/2006.
L. Apricot 2001 Kuala Lumpur. 1 Routing Information Service (RIS) Antony Antony, Thomas Franchetti, Henk Uijterwaal, Daniel Karrenberg.
정하경 MMLAB Fundamentals of Internet Measurement: a Tutorial Nevil Brownlee, Chris Lossley, “Fundamentals of Internet Measurement: a Tutorial,” CMG journal.
Mobile Code and Worms By Mitun Sinha Pandurang Kamat 04/16/2003.
ETRI meeting (Sep 14, 2004) -- Dongkee LEE 1 Internet Routing Anomaly Monitoring System Dongkee LEE.
1 On the Performance of Internet Worm Scanning Strategies Cliff C. Zou, Don Towsley, Weibo Gong Univ. Massachusetts, Amherst.
1 Modeling, Early Detection, and Mitigation of Internet Worm Attacks Cliff C. Zou Assistant professor School of Computer Science University of Central.
Slammer Worm By : Varsha Gupta.P 08QR1A1216.
© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—6-1 Scaling Service Provider Networks Scaling IGP and BGP in Service Provider Networks.
Defending against Hitlist Worms using NASR Khanh Nguyen.
Some Observations on Network Failures NANOG 15 Craig Labovitz.
. APNIC Routing Information Service (RIS) Arife Coltekin, Luigi Corsello, Henk Uijterwaal, Daniel Karrenberg RIPE-NCC.
Henk Uijterwaal. RIPE 42, 28 February 2016, Amsterdam. / 1 A first look at the effects of the Ebone shutdown Henk Uijterwaal.
NT1210 Introduction to Networking
@Yuan Xue Worm Attack Yuan Xue Fall 2012.
Topology Discovery Using an Address Prefix Stopping Rule Benoit Donnet Joint work with Timur Friedman Eunice 2005 – Madrid (Spain)
A CIDR Prefix Stopping Rule for Topology Discovery Benoit Donnet joint work with Timur Friedman Algotel 2005 – Presqu'Ile de Giens.
Traffic Volume Dependencies between IXPs Thomas King R&D, DE-CIX.
Investigation of Traffic Dependencies between IXPs in Failure Scenarios APRICOT 2016, Peering Forum Auckland, New Zealand Arnold Nipper Chief.
Numbering and Interconnection Options
Which network parameters are interesting
BGP Routing Stability of Popular Destinations
The BGP Visibility Scanner
Improved Algorithms for Network Topology Discovery
Sapphire Incident with Roots and VeriSign GTLDs
Network Topics. Network Topics Initial Thoughts Network configuration management SDN exploitation Load balancing (firewalls, external traffic) Virtual.
Measuring BGP Geoff Huston.
Traffic Volume Dependencies between IXPs
René Wilhelm & Henk Uijterwaal RIPE NCC APNIC21, 18 September 2018
IP Addresses in 2016 Geoff Huston APNIC.
Taking Down the Internet
Content Distribution Networks
The real-time Internet routing observatory
CSE551: Introduction to Information Security
RIPE Atlas Viktor Naumov R&D Software Engineer
IPv6 Allocation Status Report
AMM APNIC 15, Taipei, Taiwan 28 Feb 2003
Architectural Implications of the “FixIt” KP Application
Presentation transcript:

Sapphire/Slammer Worm Impact on Internet performance Work by Aldridge, Karrenberg, Uijterwaal & Wilhelm. Presented by Olaf Kolkman http://www.ripe.net/ttm/worm/

Sapphire, Slammer Worm Sapphire worm aka SQL Slammer Microsoft SQL vulnerability exploit Very aggressive rapid spread Said to have an impact on Internet performance Analysis based on TTM, RIS and Route server monitoring. Very rapid onset of observed effects No major impact on the backbone No problems with the root name server system (although 2 servers were affected)

TTM measurements 49 hosts distributed over the internet 2350 mesh 922 (40%) of the links were affected 1430 (60%)were not 20% of the boxes affected 86% of the links

RIPE NCC to Tokyo test box

Tokyo to RIPE NCC testbox

Routing information service 9 Route collectors, 1 in Japan, 1 in US, others in Europe. All except 1 have a full BGP feed All saw about 1-2 orders of magnitude increase in announcements It is not clear if specific routes were invisible in the global routing table during the time of increased activity

RRC00 BGP announcements ~10.000 announcemts/5min ~250 announcemts/5min

Root server monitoring 60 probe host; worldwide but most in Europe 1 measurement per minute. SOA query From probe’s perspective 2 root servers were affected. Most probably connectivity problems close to the servers No effect whatsoever towards the other servers. The DNS system did _not_ suffer.

Root server monitoring cumulative

B as seen by 60 probes

Conclussions The Internet did not show a global meltdown 60% of the test-box relations were not affected Backbone not affected Problems localized at edge networks and their immediate upstreams No impact on the root-server service 2 out of 11 servers had problems. The data routinely collected can help to distinguish global from localised problems RIPE NCC wants to provide this data real-time

Any questions, comments? http://www.ripe.net/ttm/worm/

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.