7.7 DDoS Attack Timeline. 1st Attack Date: ’09.7.5 02:00 ~ ’09.7.5 14:00, ’09.7.5 22:00 ~ ’09.7.6 18:00. Target: (US) White House + 4 web sites (US)


7.7 DDoS Attack Timeline
1st Attack. Date: ’09.7.5 02:00 ~ ’09.7.5 14:00, ’09.7.5 22:00 ~ ’09.7.6 18:00. Target: (US) White House + 4 web sites; (US) White House, Department of Homeland Security + 19 web sites
2nd Attack. Date: ’ :00 ~ :00, ’ :00 ~ :00. Target: (US) White House, NASDAQ, Washington Post + 11 web sites; (KR) Blue House, Ministry of National Defense, National Assembly, NAVER (Portal) + 7 web sites
3rd Attack. Date: ’ :00 ~ ’ :00. Target: (KR) Blue House, National Cyber Security Center, DAUM (Portal), PARAN (Portal) + 11 web sites
4th Attack. Date: ’ :00 ~ ’ :00. Target: (KR) NAVER (Portal), ChosunIlbo (Newspaper), G4C + 4 web sites

Comparison of DDoS Attack: Past and Now
DDoS Attack, Past: the C&C server (or the hacker) sends realtime commands to the zombie PCs, which then flood the target homepage.
DDoS Attack, Now: the target and the attack schedule are programmed into the malicious code itself (no communication with a C&C server). Some zombies are also scheduled to delete the partition data on the hard disk.

How we reacted
KISA (Korea Internet & Security Agency):
–Collected zombie IP addresses from the victim sites and sent them to each ISP (total 127 ISPs in Korea)
–Uploaded vaccines to the major Korean portals and game sites and recommended that Internet users update them
–Opened KRNIC Whois to the victim sites to identify the zombie PCs
ISPs:
–Some of them were already aware of the zombie IP addresses from their IDS
–Contacted the subscribers and let them update their vaccines
–Disconnected their accesses
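The response procedure above (pull zombie source addresses from the victim sites' logs, resolve each to its ISP through Whois, and hand each ISP its own list) as an added example, not code from the presentation or from KISA. The access-log lines, the request threshold and the prefix-to-ISP table are constructed; the table stands in for a real KRNIC Whois lookup.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed sample: web-server access-log lines from a victim site during
# the attack window (the IPs and the ISP table below are made up).
ACCESS_LOG = """\
203.0.113.10 - - [07/Jul/2009:18:00:01 +0900] "GET / HTTP/1.1" 200 512
203.0.113.10 - - [07/Jul/2009:18:00:01 +0900] "GET / HTTP/1.1" 200 512
203.0.113.10 - - [07/Jul/2009:18:00:02 +0900] "GET / HTTP/1.1" 200 512
198.51.100.7 - - [07/Jul/2009:18:00:01 +0900] "GET /news HTTP/1.1" 200 2048
192.0.2.44 - - [07/Jul/2009:18:00:01 +0900] "GET / HTTP/1.1" 200 512
192.0.2.44 - - [07/Jul/2009:18:00:01 +0900] "GET / HTTP/1.1" 200 512
192.0.2.44 - - [07/Jul/2009:18:00:02 +0900] "GET / HTTP/1.1" 200 512
"""

# Assumed stand-in for a KRNIC Whois lookup: allocation prefix -> ISP name.
ISP_ALLOCATIONS = {
    "203.0.113.0/24": "ISP A",
    "192.0.2.0/24": "ISP B",
    "198.51.100.0/24": "ISP C",
}

def count_requests(log_text):
    """Count requests per source IP (first field of each combined-format line)."""
    counts = Counter()
    for line in log_text.splitlines():
        if line.strip():
            counts[line.split(" ", 1)[0]] += 1
    return counts

def suspected_zombies(log_text, threshold):
    """Sources that sent at least `threshold` requests in the captured window."""
    return sorted(ip for ip, n in count_requests(log_text).items() if n >= threshold)

def lookup_isp(ip):
    """Longest-prefix match of an IP against the allocation table (Whois stand-in)."""
    addr = ipaddress.ip_address(ip)
    best = None
    for prefix, isp in ISP_ALLOCATIONS.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, isp)
    return best[1] if best else "unknown"

def notifications_by_isp(log_text, threshold=3):
    """Group suspected zombie IPs by ISP: one list per ISP abuse contact."""
    grouped = defaultdict(list)
    for ip in suspected_zombies(log_text, threshold):
        grouped[lookup_isp(ip)].append(ip)
    return dict(grouped)
```

A real threshold would be set from the site's normal per-client rate over the whole window, and a single address behind NAT can hide many infected hosts, which is the identification problem the Lesson Learned slide mentions.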

# of zombie PCs from major ISPs

ISP      Zombie PCs   Deleted   Not Deleted   Rate
ISP A    37,531       36,138    1,...         ... %
ISP B    1,722        1,...     ...           ... %
ISP C    13,...       ...       ...           ... %
ISP D    25,221       24,...    ...           ... %
Total    77,875       75,506    2,...         ... %

Lesson Learned
It is helpful if ISPs distribute vaccines to protect their customers and their networks.
–There are some ISPs in Korea that freely distribute a vaccine and recommend that users update it.
Keeping correct Whois data is very important.
–It is not easy to identify C&C servers and zombie PCs.
–Especially when they are NATed, it is hard to track them down.
Identifying the location of zombie PCs needs collaboration among many countries.

Thank You