7.7 DDoS Attack Timeline 1 st Attack Date : ’09.7.5 02:00 ~ ’09. 7.5 14:00, ’09.7.5 22:00 ~ ’09. 7.6 18:00 Target : (US) White House + 4 web sites (US)


7.7 DDoS Attack Timeline

1st Attack
  Date : ’09.7.5 02:00 ~ ’09.7.5 14:00, ’09.7.5 22:00 ~ ’09.7.6 18:00
  Target : (US) White House + 4 web sites
           (US) White House, Department of Homeland Security + 19 web sites

2nd Attack
  Date : ’ :00 ~ :00, ’ :00 ~ :00
  Target : (US) White House, NASDAQ, Washington Post + 11 web sites
           (KR) Blue House, Ministry of National Defense, National Assembly, NAVER(Portal) + 7 web sites

3rd Attack
  Date : ’ :00 ~ ’ :00
  Target : (KR) Blue House, National Cyber Security Center, DAUM(Portal), PARAN(Portal) + 11 web sites

4th Attack
  Date : ’ :00 ~ ’ :00
  Target : (KR) NAVER(Portal), ChosunIlbo(Newspaper), G4C + 4 web sites

Comparison of DDoS Attack : Past and Now

DDoS Attack : Past (diagram steps ① ② ③ ④ : C&C Server → Zombie PCs → Homepage)
  C&C Server (or Hacker) sends realtime commands to the zombie PCs

DDoS Attack : Now (diagram steps ① ② ③ : Zombie PCs → Homepage)
  Target and attack schedule are programmed in the malicious code (no communication with a C&C server)
  Some zombies are scheduled to delete the partition data in the hard disk

How we reacted

KISA (Korea Internet & Security Agency)
  - Collected zombie IP addresses from the victim sites and sent them to each ISP (total 127 ISPs in Korea)
  - Uploaded vaccines to the major Korean portals and game sites and recommended that Internet users update them
  - Opened KRNIC Whois to the victim sites to identify the zombie PCs

ISPs
  - Some of them were already aware of the zombie IP addresses from their IDS
  - Contacted the subscribers and let them update their vaccines
  - Disconnected their accesses
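The first KISA step above (collect attacking source addresses from victim sites, then hand each ISP its own share) is shown below as an added example; it is not code from the presentation or from KISA. It triages a victim web server's access log: counts requests per source IP inside the attack window, flags sources above a rate threshold as suspected zombie PCs, and groups them per ISP for notification. The log lines, timestamps, threshold and the prefix-to-ISP table are all constructed; the table stands in for the KRNIC Whois lookup the slide mentions.

```python
"""Triage a victim site's access log during a flood: count requests per
source IP, flag sources above a threshold as suspected zombie PCs, and group
them by ISP so each ISP can be notified.

Added example, not code from the original presentation or from KISA. Log
lines, timestamps, threshold and the prefix-to-ISP table are constructed;
in the real response the ISP mapping came from KRNIC Whois.
"""
import ipaddress
import re
from collections import Counter, defaultdict
from datetime import datetime

# Apache/nginx combined log format, e.g.
# 203.0.113.10 - - [07/Jul/2009:18:00:01 +0900] "GET / HTTP/1.1" 200 1024
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

# Constructed prefix -> ISP table standing in for a Whois lookup
# (documentation prefixes, no real operator behind them).
ISP_PREFIXES = {
    "203.0.113.0/25": "ISP A",
    "203.0.113.128/25": "ISP B",
    "198.51.100.0/24": "ISP C",
}


def parse_line(line):
    """Return a dict for a well-formed log line, None for anything else."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": m.group("ip"), "ts": ts, "req": m.group("req"),
            "status": int(m.group("status"))}


def count_requests_per_source(lines, start=None, end=None):
    """Requests per source IP, optionally restricted to [start, end]."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # malformed lines are skipped, not counted
        if start is not None and rec["ts"] < start:
            continue
        if end is not None and rec["ts"] > end:
            continue
        counts[rec["ip"]] += 1
    return counts


def flag_zombies(counts, threshold):
    """Sources at or above the request threshold, sorted for stable output."""
    return sorted(ip for ip, n in counts.items() if n >= threshold)


def isp_for(ip):
    """First matching prefix wins; the constructed prefixes do not overlap."""
    addr = ipaddress.ip_address(ip)
    for prefix, isp in ISP_PREFIXES.items():
        if addr in ipaddress.ip_network(prefix):
            return isp
    return "unknown"


def group_by_isp(ips):
    """Map ISP name -> sorted list of suspect IPs to send to that ISP."""
    groups = defaultdict(list)
    for ip in ips:
        groups[isp_for(ip)].append(ip)
    return {isp: sorted(v) for isp, v in groups.items()}


def analyze(lines, threshold, start=None, end=None):
    """Full pipeline: per-ISP lists of suspected zombie PCs."""
    counts = count_requests_per_source(lines, start, end)
    return group_by_isp(flag_zombies(counts, threshold))


def _line(ip, second):
    # Constructed log line; the timestamp is illustrative only.
    return (f'{ip} - - [07/Jul/2009:18:00:{second:02d} +0900] '
            f'"GET / HTTP/1.1" 200 1024')


# Constructed sample: three flooding sources, one normal visitor, one
# low-rate source, and one malformed line.
SAMPLE_LOG = (
    [_line("203.0.113.10", s) for s in range(6)]
    + [_line("203.0.113.200", s) for s in range(5)]
    + [_line("198.51.100.7", s) for s in range(5)]
    + [_line("203.0.113.20", 30)]
    + [_line("192.0.2.9", s) for s in range(2)]
    + ["not a log line"]
)

if __name__ == "__main__":
    for isp, ips in analyze(SAMPLE_LOG, threshold=5).items():
        print(f"{isp}: {len(ips)} suspected zombie PC(s): {', '.join(ips)}")
```

The threshold of five requests is only there to make the constructed sample readable; on a real site it has to be set from the site's normal per-client rate, and a source behind NAT can stand for many machines, which is the identification difficulty the "Lesson Learned" slide points to.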

# of zombie PCs from major ISPs

          Zombie PCs   Deleted   Not Deleted   Rate
  ISP A   37,531       36,138    1,…           …%
  ISP B   1,722        1,…       …             …%
  ISP C   13,…         …         …             …%
  ISP D   25,221       24,…      …             …%
  Total   77,875       75,506    2,…           …%

(cells shown as … are not legible in the transcript)

Lessons Learned
  - Not easy to identify C&C servers and zombie PCs
    – Especially when they are NATed, it’s hard to track them down.
  - Necessary to distribute vaccines from ISPs
    – There is an ISP that freely distributes a vaccine and recommends that users update it.
  - One fast way to stop the DDoS attack is to restrict the access of zombie PCs
  - Source of Attack : Not Identified
  - Motivation of Attack : Not Identified

Thank You