Presentation is loading. Please wait.

Presentation is loading. Please wait.

Taking Down the Internet

Published byFarida Gunardi Modified over 5 years ago

Similar presentations

Presentation on theme: "Taking Down the Internet"— Presentation transcript:

1 Taking Down the Internet
Dmitry O. Gryaznov, Sr. Research Architect

2 Date: Sat, 25 Jan 2003 05:34:07 GMT South Korea “disappears”
Troubles with U.S. ATMs and flights ticketing General Internet slowdown: up to 20% of IP packets lost 11/22/2018

3 W32/SQLSlammer Only 376 bytes long
Exploits a buffer overflow in MS SQL Server Spreads by sending itself to UDP port 1434 at random IP addresses 11/22/2018

4 Mass-mailing viruses Send thousands of copies by E-mail
Can affect mailservers badly Need to connect to a mailserver and follow a mail protocol Require a user 11/22/2018

5 Sample SMTP session Client Server
(connects to TCP port 25) SMTP ready HELO mydomain.net Welcome MAIL Sender OK RCPT Recipient OK DATA Send the data (message content) Accepted for delivery QUIT Bye 11/22/2018

6 Typical daily @mm chart
11/22/2018

7 CodeRed and likes Exploit vulnerabilities in TCP servers (e.g. a buffer overflow in MS IIS) Need to connect to a server and follow a protocol (e.g. HTTP) Do NOT require a user Do not affect the Internet noticeably 11/22/2018

8 Sample HTTP session Client Server
(connects to TCP port 80) GET /us/index.asp HTTP/1.0 Host: HTTP/ OK Server: Microsoft-IIS/ Last-Modified: Tue, 23 Sep :41:05 GMT Content-Length: Content-Type: text/html Connection: close (43585 bytes of data) 11/22/2018

9 CodeRed.c (aka CodeRed II)
11/22/2018

10 Slammer Connectionless UDP, “shoot and forget”
A single infected PC exhausts 100Mbps bandwidth – over 30,000 “shots” per second; could attack each and every computer on the Internet in less than a day Much faster in reality – “chain reaction”; took minutes to reach its saturation level at thousand infected computers worldwide 11/22/2018

11 Slammer hits per hour 11/22/2018

12 Slammer hits per minute
11/22/2018

13 Slammer hits per 10 seconds
11/22/2018

14 Slammer: First 5 minutes
11/22/2018

15 Slammer: First 5 minutes
11/22/2018

16 Is it possible to take down the Internet?
thousand Slammer-infected computers – 20% IP packets lost 1,000,000 computers - ? 580,000,000 Internet users worldwide Over 14,000 different “backdoors” in Usenet in May-June 2003; millions of readers IRC, P2P, etc. 11/22/2018

17 Slammer: First 5 minutes
11/22/2018

18 The WildList Asia Source: WildList Org. 11/22/2018

19 The WildList Israel Source: WildList Org. 11/22/2018

20 The WildList India Source: WildList Org. 11/22/2018

21 The WildList Japan - Seiji Murakami (IPA)
Source: WildList Org. 11/22/2018

22 The WildList Korea Source: WildList Org. 11/22/2018

23 The WildList Australia
The interesting thing about Australia's reports are that things are "rotating" in and out (viruses older than a year fall off the list). But also that Australia tends to report viruses earlier than other countries, and then the other countries confirm the presence of the viruses in the wild. Source: WildList Org. 11/22/2018

24 The WildList Asia Source: WildList Org. 11/22/2018

Download ppt "Taking Down the Internet"

Similar presentations

HTTP Cookies. CPSC 441 - Application Layer 2 User-server state: cookies Many major Web sites use cookies Four components: 1) cookie header line of HTTP.

HTTP Cookies. CPSC Application Layer 2 User-server state: cookies Many major Web sites use cookies Four components: 1) cookie header line of HTTP.
UDP & TCP Where would we be without them!. UDP User Datagram Protocol.

UDP & TCP Where would we be without them!. UDP User Datagram Protocol.
Communication Protocols II Ninth Meeting. TCP/IP family.

Communication Protocols II Ninth Meeting. TCP/IP family.
 Population: N=100,000  Scan rate  = 4000/sec, Initially infected: I 0 =10  Monitored IP space 2 20, Monitoring interval:  = 1 second Infected hosts.

 Population: N=100,000  Scan rate  = 4000/sec, Initially infected: I 0 =10  Monitored IP space 2 20, Monitoring interval:  = 1 second Infected hosts.
TCP/IP Network and Firewall. IP Packet Protocol  1 ICMP packet  6 TCP packet  17 UDP packet.

TCP/IP Network and Firewall. IP Packet Protocol  1 ICMP packet  6 TCP packet  17 UDP packet.
Electronic Mail and SMTP

Electronic Mail and SMTP
1 School of Computing Science Simon Fraser University CMPT 771/471: Internet Architecture and Protocols Socket Programming Instructor: Dr. Mohamed Hefeeda.

1 School of Computing Science Simon Fraser University CMPT 771/471: Internet Architecture and Protocols Socket Programming Instructor: Dr. Mohamed Hefeeda.
Esimerkki: Sähköposti. Lappeenranta University of Technology / JP, PH, AH Electronic Mail Three major components: user agents mail servers simple mail.

Esimerkki: Sähköposti. Lappeenranta University of Technology / JP, PH, AH Electronic Mail Three major components: user agents mail servers simple mail.
Simple Mail Transfer Protocol

Simple Mail Transfer Protocol
Introduction 1 Lecture 7 Application Layer (FTP, e-mail) slides are modified from J. Kurose & K. Ross University of Nevada – Reno Computer Science & Engineering.

Introduction 1 Lecture 7 Application Layer (FTP, ) slides are modified from J. Kurose & K. Ross University of Nevada – Reno Computer Science & Engineering.
Introduction 1-1 Chapter 2 FTP & Email Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 IC322 Fall.

Introduction 1-1 Chapter 2 FTP & Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 IC322 Fall.
2: Application Layer1 Chapter 2 Application Layer These slides derived from Computer Networking: A Top Down Approach, 6 th edition. Jim Kurose, Keith Ross.

2: Application Layer1 Chapter 2 Application Layer These slides derived from Computer Networking: A Top Down Approach, 6 th edition. Jim Kurose, Keith Ross.
SMTP, POP3, IMAP.

SMTP, POP3, IMAP.
Basic Network Services IMT 546 – Lab 4 December 4, 2004 Agueda Sánchez Shannon Layden Peyman Tajbakhsh.

Basic Network Services IMT 546 – Lab 4 December 4, 2004 Agueda Sánchez Shannon Layden Peyman Tajbakhsh.
IT 424 Networks2 IT 424 Networks2 Ack.: Slides are adapted from the slides of the book: “Computer Networking” – J. Kurose, K. Ross Chapter 2: Application.

IT 424 Networks2 IT 424 Networks2 Ack.: Slides are adapted from the slides of the book: “Computer Networking” – J. Kurose, K. Ross Chapter 2: Application.
Review: –How do we address “a network end-point”? –What services are provided by the Internet? –What is the network logical topology observed by a network.

Review: –How do we address “a network end-point”? –What services are provided by the Internet? –What is the network logical topology observed by a network.
SMTP PROTOCOL CONFIGURATION AND MANAGEMENT Chapter 8.

SMTP PROTOCOL CONFIGURATION AND MANAGEMENT Chapter 8.
Internet Worms Brad Karp UCL Computer Science CS GZ03 / 4030 10 th December, 2007.

Internet Worms Brad Karp UCL Computer Science CS GZ03 / th December, 2007.
FTP (File Transfer Protocol) & Telnet

FTP (File Transfer Protocol) & Telnet
Internet and Intranet Fundamentals Class 2 Session A.

Internet and Intranet Fundamentals Class 2 Session A.

Similar presentations

Ads by Google