6.033 Spring 2005: Preparation for Recitation 24

Tuesday, May 5

Read "Internet Denial of Service Considerations" by Handley and "Slammer: An urgent wake-up call" by Saltzer. The former is an "Internet draft": a technical work-in-progress of the Internet Engineering Task Force (IETF). After several rounds of updates and edits, some Internet-drafts become "Requests for Comments" (RFCs), which are published IETF documents such as standards, proposed standards, and best-practice recommendations.

Both papers discuss recent Internet attacks. Handley's paper focuses on denial of service (DoS) attacks, in which the attacker tries to consume all of the victim machine's resources and so prevent legitimate users from accessing them. First, read the introduction and the headings of each section; this will give you a sense of the scope of the attacks discussed in the paper. Then read the whole paper and try to understand it as fully as possible. In particular, try to understand the following:

  • SYN flood attacks
  • the concept of a reflector
  • the resources that are attacked

For each design principle in section 4, write down an attack that could be alleviated/countered by using the design principle.

Saltzer's paper discusses the Slammer worm. Computer worms are self-propagating programs. A worm can be either benign or malicious. A malicious worm may try to destroy some files on the infected machine or use the machine to mount a denial of service attack on some Internet service, whereas a benign one uses the machine only to spread itself to other machines. This paper shows you that even if the worm does not try to harm the infected machine, the worm propagation traffic alone can cause severe network congestion. What are the characteristics that allow a worm to spread quickly? Search online for recent Internet attacks. Find an attack that interests you and be prepared to explain it to the other students and the recitation instructor.

Assume that you are running a small network which connects to the rest of the Internet via a single access link provided by BBN. Assume also that your access link is under a severe DoS attack (the access link is highly congested with the traffic). How would that affect your connectivity? Can you alleviate the problem by installing a firewall? Where should you put the firewall? Is that practical?

Now assume that you are running a Web server on which you have posted some political articles. There is an attacker who wants to prevent other users from reading your articles. He doesn't have enough bandwidth to congest your link, so he tries to mount a SYN flood attack instead. Why is a SYN flood easier to mount than a bandwidth attack? How can you counter this attack?
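As an added example (not part of this recitation page or of either paper), here is a simplified SYN-cookie encoder and checker in Python, in the spirit of the countermeasure Bernstein described: the server keeps no per-connection state for half-open connections, but instead folds a time slot, an MSS index and a keyed MAC into the initial sequence number of its SYN-ACK, and reconstructs what it needs from the client's final ACK. The secret, the MSS table and the bit layout are assumptions made for this example.

```python
import hmac
import hashlib
import secrets

# Server secret (constructed for this example; a real stack rotates it periodically).
SECRET = secrets.token_bytes(32)
# MSS values the 3-bit field can name; illustrative values, not a standard table.
MSS_TABLE = [536, 1220, 1460, 4312]
MASK32 = 0xFFFFFFFF

def _mac24(src_ip, dst_ip, sport, dport, t):
    """Keyed MAC over the connection 4-tuple and the time slot, truncated to 24 bits."""
    msg = f"{src_ip}|{dst_ip}|{sport}|{dport}|{t}".encode()
    digest = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:3], "big")

def make_cookie(src_ip, dst_ip, sport, dport, client_isn, mss, minute):
    """Server ISN for the SYN-ACK: 5 bits of time slot, 3 bits of MSS index,
    24 bits of MAC, added to the client's ISN. No half-open state is stored."""
    mss_idx = 0
    for i, m in enumerate(MSS_TABLE):
        if m <= mss:
            mss_idx = i
    t = minute & 0x1F
    cookie = (t << 27) | (mss_idx << 24) | _mac24(src_ip, dst_ip, sport, dport, t)
    return (client_isn + cookie) & MASK32

def check_cookie(src_ip, dst_ip, sport, dport, client_isn, ack_number, minute, max_age=2):
    """Validate the third-handshake ACK (its ACK number is the server ISN + 1).
    Returns the negotiated MSS if the cookie is genuine and fresh, else None."""
    cookie = (ack_number - 1 - client_isn) & MASK32
    t = cookie >> 27
    mss_idx = (cookie >> 24) & 0x7
    got = (cookie & 0xFFFFFF).to_bytes(3, "big")
    want = _mac24(src_ip, dst_ip, sport, dport, t).to_bytes(3, "big")
    if (minute - t) & 0x1F > max_age:        # stale time slot: reject
        return None
    if not hmac.compare_digest(got, want):   # forged, or replayed from another 4-tuple
        return None
    return MSS_TABLE[mss_idx]

if __name__ == "__main__":
    isn = make_cookie("10.0.0.7", "192.0.2.1", 40000, 80, 12345, 1460, minute=5)
    print(check_cookie("10.0.0.7", "192.0.2.1", 40000, 80, 12345, isn + 1, minute=6))
```

Because the SYN-ACK carries everything the server later needs, a flood of SYNs with forged sources costs the server no table entries; the cost is that TCP options not encoded in the cookie (here, anything beyond a coarse MSS) are lost for connections completed under load.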

Questions or comments regarding 6.033? Send e-mail to the 6.033 staff at or to the 6.033 TAs at

$Id: r-slammerdos.html,v 1.2 2005/04/28 20:45:28 stanrost Exp $