From Packets and IP to the Ping of Death, An


The Tech Behind
Cyber Security
October 31 | Part 1: From Packets to IP and the “Ping of Death”: An Introduction to Cyber
November ? | Part 2: Case Study: Distributed Denial, the Tech of Cyber Attack in the Russo-Georgian War of 2008
bits and bytes
• bit (binary digit)
• The basic unit of information in computing: the amount of information stored by a digital device in one of two possible distinct states, 0 and 1 (not 1 and 2), off/on
• digital value of 1 = positive voltage, up to 5 volts
• digital value of 0 = 0 volts
• 8 bits = 1 byte, usually, but it depends on the hardware
• byte: the number of bits needed to encode a single character of text in a computer
binary to letter
01110000 = p
01101001 = i
01111010 = z
01111010 = z
01100001 = a
data and packets
• data: binary, 01010010010010010… etc.; files go from binary to text or image
• packet: a unit of data, made up of control information and a payload
• control information: the data the network needs to deliver the payload, e.g. addresses, error control (checksums)
• payload: the content of your “digital letter”
hosts on networks
• who has the data? who doesn’t? … hosts going global and mobile
• networks: start local: LANs, wireless LANs, AirBears
• client-server model
• addresses: what’s your unique network address?
• Type: ipconfig (Windows; ifconfig or ip addr on macOS/Linux), find the IPv4 numerical address
• ping www.wikipedia.org
• ping ist.berkeley.edu
• ping www.ca.gov
• ping www.usa.gov
• ping: an echo request from host to host
ping, an echo request
ping, the payload
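Added example (not from the slides): Python that assembles an ICMP echo request from its control information (type, code, checksum, identifier, sequence number) and a payload, parses it back, and produces the echo reply a host sends, so the “packet = control information + payload” slide and the “ping, the payload” slide can be seen in bytes. The payload is the “pizza” bit patterns from the binary-to-letter slide; the identifier 0x1234 is an assumption for illustration. Nothing is sent on the network.

```python
import struct

# ICMP echo request / echo reply (RFC 792): 8 bytes of control information
# (type, code, checksum, identifier, sequence number) followed by the payload,
# which the receiving host copies unchanged into its reply.
ICMP_ECHO_REQUEST = 8
ICMP_ECHO_REPLY = 0
HEADER = struct.Struct("!BBHHH")


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"  # pad odd-length data with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:  # fold carries back in (end-around carry)
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_echo(msg_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Assemble control information + payload; the checksum covers both."""
    header = HEADER.pack(msg_type, 0, 0, ident, seq)  # checksum field zeroed
    csum = checksum(header + payload)
    return HEADER.pack(msg_type, 0, csum, ident, seq) + payload


def parse_echo(packet: bytes) -> dict:
    """Split a packet back into control information and payload, verifying it."""
    if len(packet) < HEADER.size:
        raise ValueError("truncated ICMP header")
    if checksum(packet) != 0:  # a valid packet sums to zero
        raise ValueError("bad ICMP checksum")
    msg_type, code, _csum, ident, seq = HEADER.unpack_from(packet)
    return {"type": msg_type, "code": code, "id": ident, "seq": seq,
            "payload": packet[HEADER.size:]}


def make_reply(request: bytes) -> bytes:
    """What the target host does: send the same id, seq and data back."""
    req = parse_echo(request)
    if req["type"] != ICMP_ECHO_REQUEST or req["code"] != 0:
        raise ValueError("not an echo request")
    return build_echo(ICMP_ECHO_REPLY, req["id"], req["seq"], req["payload"])


def bits_to_text(bit_groups) -> str:
    """Decode 8-bit ASCII groups such as the ones on the binary-to-letter slide."""
    return "".join(chr(int(group, 2)) for group in bit_groups)


# Constructed sample payload: the five bytes spelled out on the slide.
PIZZA_BITS = ["01110000", "01101001", "01111010", "01111010", "01100001"]
PAYLOAD = bits_to_text(PIZZA_BITS).encode("ascii")

if __name__ == "__main__":
    request = build_echo(ICMP_ECHO_REQUEST, 0x1234, 1, PAYLOAD)  # id assumed
    reply = make_reply(request)
    print("request:", parse_echo(request))
    print("reply:  ", parse_echo(reply))
```

Flipping any byte of the packet makes the checksum check in parse_echo fail, which is the “error control” part of the control information; sending the bytes for real would need a raw socket (administrator or root privileges), which is why ping itself is a privileged or setuid program on most systems.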
OSI model
Network Ports (well-known defaults; TCP unless noted)
21: File Transfer Protocol (FTP)
22: Secure Shell (SSH)
23: Telnet remote login service
25: Simple Mail Transfer Protocol (SMTP)
53: Domain Name System (DNS) service (UDP and TCP)
80: Hypertext Transfer Protocol (HTTP), used in the World Wide Web
110: Post Office Protocol (POP3)
119: Network News Transfer Protocol (NNTP)
143: Internet Message Access Protocol (IMAP)
161: Simple Network Management Protocol (SNMP) (UDP)
443: HTTP Secure (HTTPS)
OSI model
internet and the web
• internet: a network of networks, millions of networks
• web: a system of interlinked hypertext documents
• ports: http 80
• Try it: http://www.techcomfort.com:81 (no web server listens on port 81, so the request fails)
• Try it: http://www.techcomfort.com:80 (the default HTTP port, the same as leaving the port out)
ping, nslookup
traceroute
how does the traffic flow?
• network devices: hubs, routers, switches
using nslookup: names and numbers
• nslookup www.berkeley.edu
• nslookup www.usa.gov
using traceroute (tracert on Windows, traceroute on macOS/Linux)
• tracert www.techcomfort.com
• tracert www.berkeley.edu
• tracert www.ca.gov
attack!
Professor Nacht has left instructions for you to build and launch a cyber attack on the nation-state of Vulgaria.
You have everything you need to build it. How would you do it?
attack!
• Step 0: Recall that an echo request is an ICMP (ping) message whose data is expected to be received back in an echo reply. The host must respond to every echo request with an echo reply containing the exact data received in the request message (RFC 792)
• Step 1: Create a list of Vulgarian military and civil servers that should be targeted
• Step 2: Write a simple script (program) that repeats your ping request many times a second
• Step 3: Plant this script on computers across the globe
• Step 4: “Flood” the Vulgarian servers with ping requests from multiple hosts, more than they can keep up with… the result…
attack!
server failure: a distributed denial of service (DDoS) by ICMP flood. (The original “Ping of Death” of the 1990s was a different bug: a single oversized ping packet that crashed unpatched hosts. Flooding needs no bug, only more requests than the target can answer.)
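Added example (not from the slides): a detection-side view of Step 4 in Python, run over constructed packet summaries. It counts ICMP echo requests per destination in a sliding one-second window and tells a flood from many planted hosts (Step 3) apart from a single noisy pinger, which is what a defender watching the Vulgarian servers would want to see. The addresses (RFC 5737 documentation ranges), the thresholds (200 requests per second, 10 distinct sources) and the traffic mix are assumptions for illustration.

```python
from collections import defaultdict, deque

ICMP_ECHO_REQUEST = 8
ICMP_ECHO_REPLY = 0


def constructed_records():
    """Constructed packet summaries: (time_s, src, dst, icmp_type).

    Addresses are from the RFC 5737 documentation ranges, not real hosts.
    """
    records = []
    # Legitimate traffic: one ping per second and its reply, for ten seconds.
    for t in range(10):
        records.append((float(t), "203.0.113.5", "192.0.2.30", ICMP_ECHO_REQUEST))
        records.append((t + 0.02, "192.0.2.30", "203.0.113.5", ICMP_ECHO_REPLY))
    # Distributed flood: 50 planted hosts, 20 requests each, inside one second.
    for i in range(50):
        for k in range(20):
            t = 20.0 + (i * 20 + k) / 1000.0
            records.append((t, "198.51.100.%d" % (i + 1), "192.0.2.10", ICMP_ECHO_REQUEST))
    # Single-source flood: one host, 300 requests in half a second.
    for j in range(300):
        records.append((30.0 + j / 600.0, "203.0.113.7", "192.0.2.20", ICMP_ECHO_REQUEST))
    return records


def detect_icmp_floods(records, window=1.0, rate_threshold=200, source_threshold=10):
    """Flag destinations receiving >= rate_threshold echo requests per window.

    Returns one alert per target (its peak window), labelled "distributed" when
    the requests came from at least source_threshold distinct sources.
    """
    recent = defaultdict(deque)  # dst -> (time, src) pairs inside the window
    alerts = {}
    for t, src, dst, icmp_type in sorted(records, key=lambda r: r[0]):
        if icmp_type != ICMP_ECHO_REQUEST:
            continue  # replies and other ICMP types don't count
        q = recent[dst]
        q.append((t, src))
        while t - q[0][0] > window:
            q.popleft()  # drop requests that fell out of the window
        count = len(q)
        if count < rate_threshold:
            continue
        sources = {s for _, s in q}
        kind = "distributed" if len(sources) >= source_threshold else "single-source"
        prev = alerts.get(dst)
        if prev is None or count > prev["requests"]:
            alerts[dst] = {"target": dst, "kind": kind, "requests": count,
                           "sources": len(sources), "at": t}
    return sorted(alerts.values(), key=lambda a: a["at"])


RECORDS = constructed_records()

if __name__ == "__main__":
    for alert in detect_icmp_floods(RECORDS):
        print(alert)
```

The distinction matters for the response: a single-source flood can be dropped at the border by address, while a distributed one from many sources needs rate limiting of echo requests at the target or upstream, since blocking addresses one at a time never catches up.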
attack!
• You have just conceptualized the opening cyber salvo used in the Russo-Georgian War of 2008.
• July 19, 2008: The First Salvo of Cyber Attack
o flood http www.president.gov.ge
o flood tcp www.president.gov.ge
o flood icmp www.president.gov.ge
next time:
Part 2: The Cyber of the
Russo-Georgian War of 2008
Case Study: Distributed Denial: the Tech of Cyber
Attack in the Russo-Georgian Conflict of August 2008
voltage
• Ethernet cable: 2.0 volts
• Composite video: 2.5 volts
• Wall socket in US, Canada: 120 volts, sometimes 240