Presentation is loading. Please wait.

Presentation is loading. Please wait.

7.7 DDoS Attack Timeline 1 st Attack Date : ’09.7.5 02:00 ~ ’09. 7.5 14:00, ’09.7.5 22:00 ~ ’09. 7.6 18:00 Target : (US) White House + 4 web sites (US)

Published byElijah Morrison Modified over 8 years ago

Similar presentations

Presentation on theme: "7.7 DDoS Attack Timeline 1 st Attack Date : ’09.7.5 02:00 ~ ’09. 7.5 14:00, ’09.7.5 22:00 ~ ’09. 7.6 18:00 Target : (US) White House + 4 web sites (US)"— Presentation transcript:

1

2 7.7 DDoS Attack Timeline 1 st Attack Date : ’09.7.5 02:00 ~ ’09. 7.5 14:00, ’09.7.5 22:00 ~ ’09. 7.6 18:00 Target : (US) White House + 4 web sites (US) White House, Department of Homeland Security + 19 web sites 2 nd Attack Date : ’09.7.7 18:00 ~ 7.8 18:00, ’09.7.7 21:00 ~ 7.8 07:00 Target : (US) White House, NASDAQ, Washington Post + 11 web sites (KR) Blue House, Ministry of National Defense, National Assembly, NAVER(Portal) + 7 web sites 3 rd Attack Date : ’09.7.8 18:00 ~ ’09.7.9 18:00 Target : (KR) Blue House, National Cyber Security Center, DAUM(Portal), PARAN(Portal), + 11 web sites 4 th Attack Date : ’09.7.9 18:00 ~ ’09.7.10 18:00 Target : (KR) NAVER(Portal), ChosunIlbo(Newspaper), G4C + 4 web sites

3 DDoS Attack : Past Homepage Zombie PCs DDoS Attack : Now ① ② ③ ④ Homepage Zombie PCs ① ② ③ Comparison of DDoS Attack : Past and Now Target and Attack schedule are programmed in the malicious code (No communication with C&C server) Some zombies are scheduled to delete the partition data in the hard disk C&C Server(or Hacker) sends realtime command to the zombie PCs

4 How we reacted Collected zombie IP addresses from the victim sites and sent them to each ISPs(Total 127 ISPs in Korea) Uploaded vaccines in the major Korean portals and game sites and recommended Internet users to update them Opened KRNIC Whois to the victim sites to identify the zombie PCs Collected zombie IP addresses from the victim sites and sent them to each ISPs(Total 127 ISPs in Korea) Uploaded vaccines in the major Korean portals and game sites and recommended Internet users to update them Opened KRNIC Whois to the victim sites to identify the zombie PCs KISA(Korea Internet & Security Agency)  Some of them were already aware of the zombie IP addresses from the IDS Contacted the subscribers and let them update their vaccines Disconnected their accesses Some of them were already aware of the zombie IP addresses from the IDS Contacted the subscribers and let them update their vaccines Disconnected their accesses ISPs 

5 # of zombie PCs from major ISPs Zombie PCsDeletedNot DeletedRate ISP A37,53136,1381,39396.3% ISP B1,7221,57914391.7% ISP C13,401 -100.0% ISP D25,22124,38883396.7% Total77,87575,5062,36997.0% 2009. 7. 11

6 Lesson Learned Not easy to identify C&C servers and zombie PCs –Especially when they are NATed, it’s hard to track down. Necessary to distribute vaccines from ISPs –There is an ISP who freely distributes vaccine and recommends users to update it. One fast way to solve the DDoS attack is to restrict the access of zombie PCs Source of Attack : Not Identified Motivation of Attack : Not Identified

7 Thank You leejy@kisa.or.kr Thank You leejy@kisa.or.kr

Download ppt "7.7 DDoS Attack Timeline 1 st Attack Date : ’09.7.5 02:00 ~ ’09. 7.5 14:00, ’09.7.5 22:00 ~ ’09. 7.6 18:00 Target : (US) White House + 4 web sites (US)"

Similar presentations

Web Content Control Application Providing Secure & Reliable Internet Access December 2010.

Web Content Control Application Providing Secure & Reliable Internet Access December 2010.
IPv6.kr DNS Deployment Plan Feb, 2004 Seung-hoon Lee & Billy Cheon IP Address Management Team Korea Network Information Center.

IPv6.kr DNS Deployment Plan Feb, 2004 Seung-hoon Lee & Billy Cheon IP Address Management Team Korea Network Information Center.
Jinhyun CHO Senior Researcher Korea Internet and Security Agency.

Jinhyun CHO Senior Researcher Korea Internet and Security Agency.
Your Botnet is My Botnet: Analysis of a Botnet Takeover

Your Botnet is My Botnet: Analysis of a Botnet Takeover
Breaking Trust On The Internet

Breaking Trust On The Internet
MOSQUITO BREEDING ATTACK: Spread of bots using Peer To Peer INSTRUCTOR: Dr.Cliff Zou PRESENTED BY : BHARAT SOUNDARARAJAN & AMIT SHRIVATSAVA.

MOSQUITO BREEDING ATTACK: Spread of bots using Peer To Peer INSTRUCTOR: Dr.Cliff Zou PRESENTED BY : BHARAT SOUNDARARAJAN & AMIT SHRIVATSAVA.
Overview of Distributed Denial of Service (DDoS) Wei Zhou.

Overview of Distributed Denial of Service (DDoS) Wei Zhou.
Develop IT systems for Recruitment Group 5 Shafali---399 Vedangi---389 Sunita-----379 Annie----366 Vivek------ Dominica D-----416.

Develop IT systems for Recruitment Group 5 Shafali Vedangi Sunita Annie Vivek Dominica D
City Sara VonBargen, Sr. Implementation Manager GovDelivery ® & Digital Subscription Management: December 8, 2009.

City Sara VonBargen, Sr. Implementation Manager GovDelivery ® & Digital Subscription Management: December 8, 2009.
By Won Lee.  Stands for Simple Mail Transfer Protocol  Used for sending and receiving electronic mail efficiently and reliably  Daily function of life.

By Won Lee.  Stands for Simple Mail Transfer Protocol  Used for sending and receiving electronic mail efficiently and reliably  Daily function of life.
UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.

UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.
2010. 8. 24 Ji-Young Lee IP policy & management team Korea Internet & Security Agency.

Ji-Young Lee IP policy & management team Korea Internet & Security Agency.
Cyberspace and the Police Mamoru TAKAHASHI Head of Computer Forensic Center, Hi-tech Crime Technology Division National Police Agency, Japan.

Cyberspace and the Police Mamoru TAKAHASHI Head of Computer Forensic Center, Hi-tech Crime Technology Division National Police Agency, Japan.
Chapter 4 Application Security Knowledge and Test Prep

Chapter 4 Application Security Knowledge and Test Prep
(Geneva, Switzerland, September 2014)

(Geneva, Switzerland, September 2014)
Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Spring 2006.

Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Spring 2006.
Internet Quarantine: Requirements for Containing Self-Propagating Code David Moore et. al. University of California, San Diego.

Internet Quarantine: Requirements for Containing Self-Propagating Code David Moore et. al. University of California, San Diego.
Chapter 10 Publishing and Maintaining Your Web Site.

Chapter 10 Publishing and Maintaining Your Web Site.
BOTNETS & TARGETED MALWARE Fernando Uribe. INTRODUCTION  Fernando Uribe   IT trainer and Consultant for over 15 years specializing.

BOTNETS & TARGETED MALWARE Fernando Uribe. INTRODUCTION  Fernando Uribe   IT trainer and Consultant for over 15 years specializing.
Norman SecureSurf Protect your users when surfing the Internet.

Norman SecureSurf Protect your users when surfing the Internet.

Similar presentations

Ads by Google