Distributed denial of service

Course: CS 194, Fall 2005
School: Berkeley

Botnets and Distributed Denial of Service Attacks
CS 161/194-1
Anthony D. Joseph
October 28, 2005

October 26, 2005 CS161 Fall 2005 Joseph/Tygar/Vazirani/Wagner

Outline
- What is a botnet?
- How to create and use a botnet
- The money trail...
- Distributed Denial of Service Attacks
- Examples

What is a Botnet?
- A network of compromised machines
- See last lecture for compromise techniques

Creating and Using a Botnet
- Zombies connect to server(s)
  - Typically one or more IRC servers running on zombies
  - Some botnets use custom encrypted protocols
- Zombies await commands or perform predetermined actions (e.g., send spam)
  - Some botnets require authenticated commands
  - Commands can be scripts or executables
[Figure labels: "IRC server"; "Attack!" (four times); "You have 500 new msgs"]

Botnets
- Typically rented to "users"
- Cost depends on metrics of botnet
- Important metrics ("bragging rights")
  - Number of machines (1,000's to 100,000's)
  - Aggregate bandwidth (gigabits to terabits)
- Can be rented for campaign or for time

Uses for Botnets
- Send spam, spyware, adware, and phishing e-mail
  - Also, hosting phishing websites
- Click-for-pay fraud
- Distributed programming
  - Example: password cracking
- Distributed servers to control the botnet
- Distributed Denial of Service (DDoS) attacks
  - Overwhelm server and/or network links
  - Political msgs, fame/bragging
  - Extortion ("pay or your site and business die")

The Money Trail...
- Popup ads start appearing on Joe's PC
  - For well-known brands (Chrysler, Expedia, Microsoft, Priceline, and Travelocity)
  - Each has border saying it is from "Aurora"
- Aurora is adware from Direct Revenue
  - But, Joe doesn't remember installing it...
- The adware industry has a $200 million to $2 billion a year revenue stream
- How does the ad go from Priceline to Joe?

Following the Money
[Figure: money-flow diagram with nodes labelled Company, Ad Agency, SW, SW Bundler, Affiliate, Evil Affiliate, Adware Makers, You. Captions: "I make free ad-driven SW (e.g., Kazaa)"; "I buy ads for Kazaa on search engines"; "I make viruses to install adware or do drive-by downloads"]

Malicious Affiliates
- Most adware/spyware vendors claim they prohibit drive-by-download and virus-based installs
- But, there's a strong profit incentive, since they get paid based on the number of "eyeballs"...
- Some even sue adware/spyware detection companies for labeling things as such!!

DDoS Attacks
- Overwhelm server and/or network links
  - Typical target is web server(s)
  - Try to consume all resources (BW, disk space, CPU)
- Simple: same req. for large images/complex action
  - Might be able to create packet filter to block
  - Might also be able to block source subnets
  - Have to put filters into the network (at upstream ISPs)
- Complex: Vary requests, rate, zombie set
  - Harder to create packet filter (esp. if requests look "real")
  - Rotating set makes source subnet blocks hard
  - Only choice may be to add more and more HW and BW

Toxbot Trojan (Oct 10, 2005)
- Three Dutch crackers (19, 22, and 27)
- Used Toxbot Trojan (aka Codbot) to infect machines
  - Installed adware and spyware on users' machines
  - Conducted DDoS attack against a US company for extortion (pay or crash your site)
  - Conducted phishing attacks to hijack PayPal and eBay accounts, then bought goods with accounts
- Estimated network size of 100K
- Investigators later discovered true size (>1.5M!)

Microsoft Decoy Zombie
- Intentionally infected a machine with zombie code
- Within 20 days:
  - PC received > 5 million connections!
  - Tried to send 18 million spam e-mails containing ads for 13,000 unique domains!
- October 27, 2005: filed 13 "John Doe" lawsuits against spammers
  - Enables them to subpoena ISPs and domain registrars for identities
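
Added example (not part of the original slides): the "DDoS Attacks" slide contrasts a simple flood, where one repeated request and a few source subnets can be filtered, with a complex one that varies requests and rotates zombies. This Python sketch derives a candidate filter from a window of (source IP, request) records and shows it finding nothing for the complex case. The record format, thresholds and function names are assumptions, and all sample records are constructed.

```python
import ipaddress
from collections import Counter


def subnet_of(ip, prefix=24):
    """Return the /prefix network containing ip, as a string."""
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))


def dominant_request(records, min_share=0.5):
    """Return the request line that makes up at least min_share of the
    window (the 'same request' signature), or None if there is none."""
    if not records:
        return None
    req, n = Counter(r for _, r in records).most_common(1)[0]
    return req if n / len(records) >= min_share else None


def plan_filters(records, min_share=0.5, min_hits=3):
    """Propose a request filter and source-subnet blocks for one window.

    'collateral' counts other requests from the proposed subnets, i.e.
    legitimate traffic a subnet block would also drop.
    """
    req = dominant_request(records, min_share)
    if req is None:
        return {"request": None, "subnets": {}, "collateral": 0}
    hits = Counter(subnet_of(ip) for ip, r in records if r == req)
    subnets = {net: n for net, n in hits.items() if n >= min_hits}
    collateral = sum(
        1 for ip, r in records if r != req and subnet_of(ip) in subnets
    )
    return {"request": req, "subnets": subnets, "collateral": collateral}


# Constructed window, simple flood: one large-image request repeated from
# two subnets, plus three ordinary page views (one from a flooding subnet).
SIMPLE = (
    [(f"203.0.113.{i}", "GET /img/large.jpg") for i in range(1, 9)]
    + [(f"192.0.2.{i}", "GET /img/large.jpg") for i in range(1, 5)]
    + [
        ("198.51.100.7", "GET /index.html"),
        ("198.51.100.9", "GET /about.html"),
        ("203.0.113.200", "GET /index.html"),
    ]
)

# Constructed window, complex flood: every request differs and every
# source sits in a different /24, so no signature reaches the threshold.
COMPLEX = [
    (f"10.{i}.{i * 7 % 256}.{i + 1}", f"GET /search?q=term{i}")
    for i in range(12)
] + [("198.51.100.7", "GET /index.html")]


if __name__ == "__main__":
    print("simple :", plan_filters(SIMPLE))
    print("complex:", plan_filters(COMPLEX))
```

The non-zero collateral count in the simple case is the cost of a source-subnet block: an ordinary visitor sharing a /24 with zombies is dropped along with them.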