6.033 Assignment: Recitation 18, Tuesday, April 13, 2004

M.I.T. DEPARTMENT OF EECS
6.033 - Computer System Engineering Recitation 18 - Tuesday, April 13, 2004

Read Internet Denial of Service Considerations by Handley and Slammer: An urgent wake-up call by Saltzer. The former is an "Internet-draft": a technical work-in-progress of the Internet Engineering Task Force (IETF). After they go through several rounds of updates and edits, some Internet-drafts become "Requests for Comments" (RFCs), which are published IETF documents such as standards, proposed standards, and best-practice recommendations.

Both papers discuss recent Internet attacks. Handley's paper focuses on denial of service (DoS) attacks, in which the attacker tries to consume all of the resources of the victim machine and prevent legitimate users from accessing these resources. First, read the introduction and the headings of each section. This will give you some information about the scope of the attacks discussed in the paper. Then read the whole paper and try to understand it as much as possible. In particular, try to understand the following:

For each design principle in section 4, write down an attack that could be alleviated/countered by using the design principle.

Saltzer's paper discusses the Slammer worm. Computer worms are self-propagating programs. A worm can be either benign or malicious. A malicious worm may try to destroy some files on the infected machine or use the machine to mount a denial of service attack on some Internet service, whereas a benign one uses the machine only to spread itself to other machines. This paper shows you that even if the worm does not try to harm the infected machine, the worm propagation traffic alone can cause severe network congestion. What are the characteristics that allow a worm to spread quickly? Search online for recent Internet attacks. Find an attack that interests you and be prepared to explain it to the other students and the recitation instructor.
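As an added illustration (not part of the assignment or of Saltzer's paper) of why the scan rate and the size of the vulnerable population decide how fast a random-scanning worm spreads, and how much traffic the spread alone generates, the following uses the standard logistic (SI) model of a worm that probes uniformly random IPv4 addresses; the population, scan rate and packet size below are constructed parameters, not measurements:

```python
import math

ADDRESS_SPACE = 2 ** 32  # IPv4 addresses a random-scanning worm picks from


def infection_rate_constant(vulnerable_hosts, scans_per_sec):
    """Per-second growth rate k of the epidemic.

    Each infected host sends scans_per_sec probes to random addresses; a
    probe reaches a still-vulnerable host with probability
    (vulnerable - infected) / 2^32, giving dI/dt = k * I * (1 - I/N).
    """
    return scans_per_sec * vulnerable_hosts / ADDRESS_SPACE


def infected_at(t, vulnerable_hosts, scans_per_sec, initially_infected=1):
    """Closed-form logistic solution: infected hosts t seconds after release."""
    k = infection_rate_constant(vulnerable_hosts, scans_per_sec)
    n = vulnerable_hosts
    return n / (1 + (n / initially_infected - 1) * math.exp(-k * t))


def time_to_fraction(fraction, vulnerable_hosts, scans_per_sec,
                     initially_infected=1):
    """Seconds until `fraction` of the vulnerable population is infected."""
    k = infection_rate_constant(vulnerable_hosts, scans_per_sec)
    n = vulnerable_hosts
    return math.log((n / initially_infected - 1)
                    * fraction / (1 - fraction)) / k


def scan_traffic_bps(infected_hosts, scans_per_sec, packet_bytes):
    """Aggregate probe traffic (bits/s) emitted by the infected population."""
    return infected_hosts * scans_per_sec * packet_bytes * 8


if __name__ == "__main__":
    # Constructed scenario: 75,000 vulnerable hosts, 4,000 probes/s each,
    # one 404-byte probe packet per scan (no handshake, so no reply needed).
    n, rate, pkt = 75_000, 4_000, 404
    t90 = time_to_fraction(0.9, n, rate)
    print(f"90% infected after {t90:.0f} s")
    print(f"doubling the scan rate: {time_to_fraction(0.9, n, 2 * rate):.0f} s")
    print(f"probe traffic at 90%: "
          f"{scan_traffic_bps(int(0.9 * n), rate, pkt) / 1e9:.0f} Gbit/s")
```

The growth rate is the product of scan rate and vulnerable population, so a worm that needs only a single connectionless packet per probe, and whose target software is widespread, saturates links long before any payload acts.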

Assume that you are running a small network that connects to the rest of the Internet via a single access link provided by BBN. Assume also that your access link is under a severe DoS attack (the access link is highly congested with attack traffic). How would that affect your connectivity? Can you alleviate the problem by installing a firewall? Where should you put the firewall? Is that practical?

Now assume that you are running a Web server on which you have posted some political articles. There is an attacker who wants to prevent other users from reading your articles. He doesn't have enough bandwidth to congest your link, so he tries to mount a SYN flood attack. Why is a SYN flood easier to implement than a bandwidth attack? How can you counter this attack?
