台灣電腦網路危機處理中心暨協調中心 Taiwan Computer Emergency Response Team / Coordination Center
Impacts of slammer worm in Taiwan


The first message about the worm we got was at 12:00pm, Jan 25. Some ISP engineers were called back to handle the unusual network traffic. In the afternoon, many online games were affected by the worm; users reported that they could not connect to their game servers. The network was slowing down.

At 10:00pm, Jan 25, we announced the news about this worm, including methods for protecting SQL servers. At 11:30am, Jan 26, we published CA in Chinese. On Jan 26, most networks were getting back to normal, but TANET (the education network) was still down.

On Jan 27, we contacted Microsoft Taiwan, and in the afternoon they provided a web page describing the worm and the hotfix. On Jan 27, TANET was coming back, but we found that some routing was corrupted. After Jan 28, all networks were back to normal. A few attack packets were still seen on the network, but no more incidents were reported.

DNS Traffic Log: APOL

DNS Traffic Log: Hinet

DNS Traffic Log: TANET

DNS Traffic Log: SEEDNet

Numbers of incidents reported

Total Slammer %
Jan 25 ~ Jan %
Feb 1 ~ Feb %

Analysis

The density and number of SQL servers are much lower than those of IIS, so the infection situation will not be worse than CodeRed. The packet size is larger, which means fewer packets and less effect on core routers. (CodeRed sends many more small packets.)

Victims infected by slammer first turn against their own local network, which also means they are easy to find. ISPs established their response teams after CodeRed, so they could control the situation rapidly and limit the range of damage.
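
The point that infected hosts are easy to find on their own network can be shown as a flow-log check. This is an added example, not part of the original slides: it relies on the fact that Slammer spreads over UDP port 1434 (the SQL Server Resolution Service), and the flow records, threshold, window and addresses are constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

SLAMMER_PORT = 1434        # UDP port of the SQL Server Resolution Service
MIN_DISTINCT_DSTS = 5      # assumed threshold, tuned for this small sample
WINDOW_SECONDS = 1.0       # assumed sliding-window length

# Constructed flow records: (timestamp, src, dst, proto, dst_port, bytes).
# Addresses come from the documentation ranges; none are real hosts.
SAMPLE_FLOWS = (
    # Infected host: many distinct targets on UDP/1434 within half a second.
    [(0.1 * i, "192.0.2.10", f"198.51.100.{i + 1}", "udp", 1434, 404) for i in range(6)]
    # Slow, spread-out UDP/1434 lookups: same port, but no burst.
    + [(10.0 * i, "192.0.2.40", f"203.0.113.{i + 1}", "udp", 1434, 404) for i in range(6)]
    # Busy DNS client: a burst, but on the wrong port.
    + [(0.1 * i, "192.0.2.30", f"198.51.100.{i + 1}", "udp", 53, 80) for i in range(6)]
    # A single legitimate instance lookup against a local SQL server.
    + [(0.2, "192.0.2.20", "192.0.2.5", "udp", 1434, 29)]
)

def find_suspect_hosts(flows, local_net, min_dsts=MIN_DISTINCT_DSTS,
                       window=WINDOW_SECONDS):
    """Return local sources that hit >= min_dsts distinct destinations
    on UDP/1434 inside any sliding window of `window` seconds."""
    net = ip_network(local_net)
    per_src = defaultdict(list)
    for ts, src, dst, proto, dport, _size in flows:
        if proto == "udp" and dport == SLAMMER_PORT and ip_address(src) in net:
            per_src[src].append((ts, dst))

    suspects = []
    for src, events in per_src.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans <= `window` seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            if len({dst for _, dst in events[start:end + 1]}) >= min_dsts:
                suspects.append(src)
                break
    return sorted(suspects)

if __name__ == "__main__":
    print(find_suspect_hosts(SAMPLE_FLOWS, "192.0.2.0/24"))
```
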