11 November 2001 Marina del Rey GAC meeting Vulnerabilities in the Internet Jaap Akkerhuis.

Slides:

Advertisements

Similar presentations

(Distributed) Denial of Service Nick Feamster CS 4251 Spring 2008.

Advertisements

Review iClickers. Ch 1: The Importance of DNS Security.

06-Sep-2006Copyright (C) 2006 Internet Initiative Japan Inc.1 Prevent DoS using IP source address spoofing MATSUZAKI ‘maz’ Yoshinobu.

Self-Managing Anycast Routing for DNS

6.033: Intro to Computer Networks Layering & Routing Dina Katabi & Sam Madden Some slides are contributed by N. McKewon, J. Rexford, I. Stoica.

Net security - budi rahardjo Overview of Network Security Budi Rahardjo CISCO seminar 13 March 2002.

Yerevan, July 11, Armenian edition of Jovan Kurbalija’s book “Internet Governance” I.Mkrtumyan, ISOC AM H.Baghyan, MediaEducation Center.

Module 5 - Switches CCNA 3 version 3.0 Cabrillo College.

11 TROUBLESHOOTING Chapter 12. Chapter 12: TROUBLESHOOTING2 OVERVIEW  Determine whether a network communications problem is related to TCP/IP.  Understand.

Lecture 18 Page 1 CS 236 Online DNS Security The Domain Name Service (DNS) translates human-readable names to IP addresses –E.g., thesiger.cs.ucla.edu.

Computer Networks: Domain Name System. The domain name system (DNS) is an application-layer protocol for mapping domain names to IP addresses Vacation.

1 DNS. 2 BIND DNS –Resolve names to IP address –Resolve IP address to names (reverse DNS) BIND –Berkeley Internet Name Domain system Version 4 is still.

The Domain Name System Overview Introduction DNS overview How DNS helps us? Summary.

Lesson 18-Internet Architecture. Overview Internet services. Develop a communications architecture. Design a demilitarized zone. Understand network address.

CSE331: Introduction to Networks and Security Lecture 9 Fall 2002.

Ch.6 - Switches CCNA 3 version 3.0.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

The Domain Name System Unix System Administration Download PowerPoint Presentation.

Web server security Dr Jim Briggs WEBP security1.

1/25/2000 Active Names: Flexible Location and Transport of Wide-Area Resources Luis Rivera.

1 Networking A computer network is a collection of computing devices that are connected in various ways in order to communicate and share resources. The.

1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.

Name Resolution and DNS. Domain names and IP addresses r People prefer to use easy-to-remember names instead of IP addresses r Domain names are alphanumeric.

A centralized system.  Active Directory is Microsoft's trademarked directory service, an integral part of the Windows architecture. Like other directory.

FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

Domain Name System | DNSSEC. 2  Internet Protocol address uniquely identifies laptops or phones or other devices  The Domain Name System matches IP.

1 Introduction on the Architecture of End to End Multihoming Masataka Ohta Tokyo Institute of Technology

15-1 More Chapter 15 Goals Compare and contrast various technologies for home Internet connections Explain packet switching Describe the basic roles of.

Chapter 15 Networks. Chapter Goals Types of networks Topologies Open Systems Home Internet connections 15-2.

CS 4396 Computer Networks Lab

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 8 – Denial of Service.

Lecture 8 Page 1 Advanced Network Security Review of Networking Basics: Internet Architecture, Routing, and Naming Advanced Network Security Peter Reiher.

1.1 What is the Internet What is the Internet? The Internet is a shared media (coaxial cable, copper wire, fiber optics, and radio spectrum) communication.

Chapter 29 Domain Name System (DNS) Allows users to reference computer names via symbolic names translates symbolic host names into associated IP addresses.

NETWORKING COMPONENTS AN OVERVIEW OF COMMONLY USED HARDWARE Christopher Johnson LTEC 4550.

Day 14 Introduction to Networking. Unix Networking Unix is very frequently used as a server. –Server is a machine which “serves” some function Web Server.

Security at NCAR David Mitchell February 20th, 2007.

1 TCP/IP Internetting ä Subnet layer ä Links stations on same subnet ä Often IEEE LAN standards ä PPP for telephone connections ä TCP/IP specifies.

Addressing Issues David Conrad Internet Software Consortium.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 1: Introduction to Scaling Networks Scaling Networks.

Cisco 3 - Switch Perrine. J Page 111/6/2015 Chapter 5 At which layer of the 3-layer design component would users with common interests be grouped? 1.Access.

Networking Components Michelle Vega Network System Administrations LTEC /026 Mr. West.

The Domain Name System and DNS Blocking Malcolm Hutty Head of Public Affairs, LINX February 2011.

CS 3830 Day 10 Introduction 1-1. Announcements r Quiz #2 this Friday r Program 2 posted yesterday 2: Application Layer 2.

Copyright © 2001 Matrix.Net The Internet Under Stress Peter H. Salus Ph.D. Chief Knowledge Officer

Akademska in raziskovalna mreža Slovenije 1 Networking Basics Gorazd Božič Academic and Research Network of Slovenia

1 DNSMON DNS Server Monitoring RIPE NCC 3 December 2015.

FS/ILG House Managers IAP 2005 Oliver Thomas Information Services & Technology IAP 2005 Oliver Thomas Information Services & Technology.

Security and Firewalls Ref: Keeping Your Site Comfortably Secure: An Introduction to Firewalls John P. Wack and Lisa J. Carnahan NIST Special Publication.

An Update on Multihoming in IPv6 Report on IETF Activity RIPE IPv6 Working Group 22 Sept 2004 RIPE 49 Geoff Huston, APNIC.

Network Infrastructure Microsoft Windows 2003 Network Infrastructure MCSE Study Guide for Exam

Securing Future Growth: Getting Ready for IPv6 NOW! ccTLD Workshop, 8 th April 2011 Noumea, New Caledonia Miwa Fujii, Senior IPv6 Program Specialist, APNIC.

NETWORK COMPONENTS BY REYNALDO ZAMORA. HUB Hubs are devices that serve as the central connection for a network. Its job is to send data from one computer.

DNS Security 1. Fundamental Problems of Network Security Internet was designed without security in mind –Initial design focused more on how to make it.

AN OVERVIEW Rocky K. C. Chang13 Sept The web 2.

Web Server Administration Chapter 4 Name Resolution.

Site Multihoming for IPv6 Brian Carpenter IBM TERENA Networking Conference, Poznan, 2005.

COMP 431 Internet Services & Protocols

Cofax Scalability Document Version Scaling Cofax in General The scalability of Cofax is directly related to the system software, hardware and network.

CSE 461 Section. Port numbers for applications MAC addresses for hardware IP addresses for a way to send data in a smart, routable way.

Network Processing Systems Design

Ad Hoc – Wireless connection between two devices Backbone – The hardware used in networking Bandwidth – The speed at which the network is capable of sending.

Unit 5: Providing Network Services

ICT Communications Lesson 1: Using the Internet and the World Wide Web

Providing Network Services

Chapter 1: Introduction

Distributed Content in the Network: A Backbone View

Computer Security Firewalls November 19, 2018 ©2004, Bryan J. Higgs.

Department of Computer Science Course : Pre Computer Skills

Network Models, Hardware, Protocols and number systems

Presentation transcript:

11 November 2001 Marina del Rey GAC meeting Vulnerabilities in the Internet Jaap Akkerhuis

11 November 2001 Marina del Rey GAC meeting Disclaimer Simplistic generalizations Not a network architecture course Not a DNS course Touching only some points broad overview, not limited to the events of the 11 th More analysis needed especially on details Terminology Internet related

11 November 2001 Marina del Rey GAC meeting Overview Two Perceptions of the event Effects of the Network Damage ISP experiences TLD DNS vulnerabilities Closing Remarks

11 November 2001 Marina del Rey GAC meeting Personal experience Sister in Manhattan (Houston) Was impossible to reach by phone took less then 7 minutes 2 min. to provider, 5 to me clock skew? everything is ok Big Failure: Phone System

11 November 2001 Marina del Rey GAC meeting Honeyman's Experience University of Michigan Networking, cryptography, smart cards Got called No or similar No Television, used Radio Big Failure: Internet

11 November 2001 Marina del Rey GAC meeting What was going on? The network was out? Cnn.com is an end point Much more traffic then usual http is transaction oriented is lightweight easy to route Phone was out? not really (8 hours) Perception

11 November 2001 Marina del Rey GAC meeting Measurements Matrix.net (MIDS) monitors continuously Last 14 years View of the world from Austin Texas 60,000 sites every 15 minutes beacon list contains over 10,000 entries ICMP ECHO (PING) and HTTP probes from 100 points around the world Data supplied Peter Salus

11 November 2001 Marina del Rey GAC meeting Legenda 1: World ISP :WEB 3: DNS TLD Servers 4: Internet

11 November 2001 Marina del Rey GAC meeting The Attack

11 November 2001 Marina del Rey GAC meeting Effects WTC was major communication hub Telehouse (NY IX) close to WTC Lots of lines went out Rerouting takes some time

11 November 2001 Marina del Rey GAC meeting Hurricane Floyd 1: WEB 2:Internet

11 November 2001 Marina del Rey GAC meeting Events surrounding 11 Sept.

11 November 2001 Marina del Rey GAC meeting Events following 11 th Anticipating Power Failure of Telehouse ISPs set up extra peering at exchanges Big operators helped out competitors Extra multi homing by various ISPs

11 November 2001 Marina del Rey GAC meeting Comparable Outage: AMS-IX Amsterdan Internet Exchange (July 2001) one of the major European IXs Problems two out of three locations Hardware problems triggered by specific multi vendor combinations Took a week to solve

11 November 2001 Marina del Rey GAC meeting Phenomena in Europe Medium sized Dutch ISP Big International ISP

11 November 2001 Marina del Rey GAC meeting Experiences ISP  W Description of operation Medium sized Dutch ISP 10 year in business Transit with Telehouse (Broadway 25) Major peering as well Hosting farm at Telehouse Minor peering at AMS-IX

11 November 2001 Marina del Rey GAC meeting Experiences ISP  W Extra measures more peering & alternative transit Result transit OK hosting farm 1 week out

11 November 2001 Marina del Rey GAC meeting Experiences ISP  W Lessons learned Network designed with redundancy Need to think about more then the network security Transatlantic cable cut (3 weeks ago) was worse 18 hours down

11 November 2001 Marina del Rey GAC meeting Reflections by BIG ISP on 11 th Lots of extra transit Need to be flexible Strong arm the CFO Lots of multi homing set up Grow of routing tables (20%) Not always effective Routing policies of other ISPs Router memory exhaustion

11 November 2001 Marina del Rey GAC meeting Reflections by BIG ISP Costs of redundancy policies Threefold redundancy in transatlantic cables in the end, it's all economics Transit at internet exchanges Single point of failure Routing aggregations policies (Ripe NCC) Trims size of routing tables Uses more IP address space

11 November 2001 Marina del Rey GAC meeting TLD DNS Vulnerabilities DNS: Hierarchical distributed structure and name resolving Specific examples are neutral using.nl,.de,.uk,.be, se. to protect the innocent Results: useless statistics, needs further study

11 November 2001 Marina del Rey GAC meeting Root zone file analysis Resource Records: 1859 1 SOA record 1 TXT record 255 TLDs 1216 Name server (delegation) records example: NL IN NS SUNIC.SUNET.SE. 5 records per tld 641 Glue records SUNIC.SUNET.SE IN A less then 3 per tld

11 November 2001 Marina del Rey GAC meeting Root zone analysis (cont.) No. of root servers: 13 TLDs sharing in root name servers ARPA IN NS A.ROOT-SERVERS.NET.. 13 ARPA. 9 EDU. 9 GOV. 9 MIL. 5 SE. 1

11 November 2001 Marina del Rey GAC meeting TLDs with specific nameservers #TLD in #name servers NL IN NS SUNIC.SUNET.SE.

11 November 2001 Marina del Rey GAC meeting # of Name servers for TLDs #NS serving #TLD

11 November 2001 Marina del Rey GAC meeting Closing Remarks supported by de. and nl. The packet switched internet network works Control structure distributed by nature Don't fix problems by adding central control Strengthen the distributed control More risk analysis needed Network level DNS implementation