Presentation is loading. Please wait.

Presentation is loading. Please wait.

Statistical Analysis of Malformed Packets and Their Origins in the Modern Internet NETREAD UC Berkeley George Porter Oct 4, 2002.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Statistical Analysis of Malformed Packets and Their Origins in the Modern Internet NETREAD UC Berkeley George Porter Oct 4, 2002."— Presentation transcript:

1 Statistical Analysis of Malformed Packets and Their Origins in the Modern Internet NETREAD UC Berkeley George Porter Oct 4, 2002

2 Main Idea Find malformed packets and determine the reasons What is the proportion? What are the causes? Ohio University

3 Experimental Setup Main University Link 100Mbits Rate limited to 36Mbits 98% TCP Dorm traffic 10 Mbits 60% TCP 40% Kazaa???

4 Errors detected

5 IP Addres outside of range (local link) 169.254.0.0/16 (Microsoft). DHCP INFORM messages. Finding the directory service for the enterprise root. Making dynamic updates on behalf of clients by the server. 172.128.x.x – 172.186.x.x (AOL). Used when DHCP fails. Moral: Treat as private and filter. Moral2: Don’t send INFORM on networks with dynamic address assignment.

6 DDOS attack, bootstrapping ICMP echo requests sent to limited broadcast address Routers should not have forwared them Source+Dest addresses out of range occurred Weekday mornings Bootstrapping issue

7 Interesting Observations Sent to network 0 Misconfigurations Origin of 255.255.255.255 Sent in response to UDP packets, probably a misconfiguration 0/6 port sequences No real ideas there Some SYN,FIN,URG,PSH packets used to determine O/S type Bad checksum in port range 18245- 21536, probably specific impl problem

8 Packet Distributions Mostly during the day They claim that bit- errors are more likely during the day (why?) They suggest the misconfigurations are likely not in system software (then what?)

9 Moral/Takeaway points Misconfiguration accounts for a lot of malformed packets DDOS attack was observed Internet/Local networks have different error characteristics

Download ppt "Statistical Analysis of Malformed Packets and Their Origins in the Modern Internet NETREAD UC Berkeley George Porter Oct 4, 2002."

Similar presentations

1 Network Address Translation (NAT) Relates to Lab 7. Module about private networks and NAT.

1 Network Address Translation (NAT) Relates to Lab 7. Module about private networks and NAT.
CSC458 Programming Assignment II: NAT Nov 7, 2014.

CSC458 Programming Assignment II: NAT Nov 7, 2014.
Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.

Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Addressing the Network – IPv4 Network Fundamentals – Chapter 6.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Addressing the Network – IPv4 Network Fundamentals – Chapter 6.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Addressing the Network – IPv4 Network Fundamentals – Chapter 6.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Addressing the Network – IPv4 Network Fundamentals – Chapter 6.
Cs/ee 143 Communication Networks Chapter 6 Internetworking Text: Walrand & Parekh, 2010 Steven Low CMS, EE, Caltech.

Cs/ee 143 Communication Networks Chapter 6 Internetworking Text: Walrand & Parekh, 2010 Steven Low CMS, EE, Caltech.
Internet Control Protocols Savera Tanwir. Internet Control Protocols ICMP ARP RARP DHCP.

Internet Control Protocols Savera Tanwir. Internet Control Protocols ICMP ARP RARP DHCP.
IP Masquerading Homes and Businesses: When you only have one IP but you have LOTS of machines.

IP Masquerading Homes and Businesses: When you only have one IP but you have LOTS of machines.
Helper Protocols Protocols that either make it easier for IP to do its job, or extend the capabilities of the network layer.

Helper Protocols Protocols that either make it easier for IP to do its job, or extend the capabilities of the network layer.
S305 – Network Infrastructure Chapter 5 Network and Transport Layers Part 2.

S305 – Network Infrastructure Chapter 5 Network and Transport Layers Part 2.
Week 5: Internet Protocol Continue to discuss Ethernet and ARP –MTU –Ethernet and ARP packet format IP: Internet Protocol –Datagram format –IPv4 addressing.

Week 5: Internet Protocol Continue to discuss Ethernet and ARP –MTU –Ethernet and ARP packet format IP: Internet Protocol –Datagram format –IPv4 addressing.
CSCE 515: Computer Network Programming Chin-Tser Huang University of South Carolina.

CSCE 515: Computer Network Programming Chin-Tser Huang University of South Carolina.
Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing Base on RFC 2827 Lector Kirill Motul.

Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing Base on RFC 2827 Lector Kirill Motul.
Chapter 5 The Network Layer.

Chapter 5 The Network Layer.
1 Some TCP/IP Basics....NFSDNSTELNETSMTPFTP UDPTCP IP and ICMP Ethernet, serial line,..etc. Application Layer Transport Layer Network Layer Low-level &

1 Some TCP/IP Basics....NFSDNSTELNETSMTPFTP UDPTCP IP and ICMP Ethernet, serial line,..etc. Application Layer Transport Layer Network Layer Low-level &
TCP/IP Network and Firewall. IP Packet Protocol  1 ICMP packet  6 TCP packet  17 UDP packet.

TCP/IP Network and Firewall. IP Packet Protocol  1 ICMP packet  6 TCP packet  17 UDP packet.
Shivkumar KalyanaramanRensselaer Q1-1 ECSE-6600: Internet Protocols Quiz 1 Time: 60 min (strictly enforced) Points: 50 YOUR NAME: Be brief, but DO NOT.

Shivkumar KalyanaramanRensselaer Q1-1 ECSE-6600: Internet Protocols Quiz 1 Time: 60 min (strictly enforced) Points: 50 YOUR NAME: Be brief, but DO NOT.
Chapter 8 Administering TCP/IP.

Chapter 8 Administering TCP/IP.
Subnetting.

Subnetting.
Chapter 23: ARP, ICMP, DHCP IS333 Spring 2015.

Chapter 23: ARP, ICMP, DHCP IS333 Spring 2015.

Similar presentations

Ads by Google