CS Network Quiz 6
Botnet
A logical computer network of zombies under the control of an attacker.
Electronic mail
Three major components:
§ user agents
§ mail servers
§ simple mail transfer protocol: SMTP
denial-of-service (DoS) attacks
An attack that renders a network, host, or other piece of infrastructure unusable by legitimate users. Three main kinds:
• Vulnerability attack. This involves sending a few well-crafted messages to a vulnerable application or operating system running on a targeted host. If the right sequence of packets is sent to a vulnerable application or operating system, the service can stop or, worse, the host can crash.
• Bandwidth flooding. The attacker sends a deluge of packets to the targeted host, so many packets that the target's access link becomes clogged, preventing legitimate packets from reaching the server.
• Connection flooding. The attacker establishes a large number of half-open or fully open TCP connections at the target host. The host can become so bogged down with these bogus connections that it stops accepting legitimate connections.
POP3
Downloads messages to the client, so copies of messages end up on different clients; stateless across sessions.
DASH: Dynamic, Adaptive Streaming over HTTP
server:
• divides video file into multiple chunks
• each chunk stored, encoded at different rates
• manifest file: provides URLs for different chunks
client:
• periodically measures server-to-client bandwidth
• consulting manifest, requests one chunk at a time
• chooses maximum coding rate sustainable given current bandwidth
• can choose different coding rates at different points in time (depending on available bandwidth at the time)
"intelligence" at client: client determines
• when to request chunk (so that buffer starvation or overflow does not occur)
• what encoding rate to request (higher quality when more bandwidth available)
• where to request chunk (can request from URL server that is "close" to client or has high available bandwidth)
bring home:
• smaller number (10's) of larger clusters in POPs near (but not within) access networks
• used by Limelight
Intercepting DNS queries
Sniffing + spoofing: as no encryption is applied to DNS messages, any on-path attacker can sniff a query and try to beat the legitimate server by quickly crafting a spoofed answer.
CDN
• stores copies of content at nodes (e.g., Netflix stores copies of Mad Men)
• subscriber requests content; directed to nearby copy, retrieves content
• may choose different copy if network path congested
authoritative DNS servers:
• organization's own DNS server(s), providing authoritative hostname-to-IP mappings for the organization's named hosts
• can be maintained by organization or service provider
top-level domain (TLD) servers:
• responsible for com, org, net, edu, aero, jobs, museums, and all top-level country domains, e.g.: uk, fr, ca, jp
• Network Solutions maintains servers for .com TLD
• Educause for .edu TLD
Malware
Once it infects our device it can do all kinds of devious things, including deleting our files, and installing spyware that collects our private information, such as social security numbers, passwords, and keystrokes, and then sends this (over the Internet, of course!) back to the bad guys.
Worms
malware that can enter a device without any explicit user interaction.
Viruses
malware that requires some form of user interaction to infect the user's device. The classic example is an e-mail attachment containing malicious executable code. If a user receives and opens such an attachment, the user inadvertently runs the malware on the device.
enter deep:
• push CDN servers deep into many access networks
• close to users
• used by Akamai, 1700 locations
Attacking DNS
DDoS attacks:
§ bombard root servers with traffic
  • not successful to date
  • traffic filtering
  • local DNS servers cache IPs of TLD servers, allowing root server bypass
§ bombard TLD servers
  • potentially more dangerous
redirect attacks:
§ man-in-the-middle
  • intercept queries
§ DNS poisoning
  • send bogus replies to DNS server, which caches them
DNS Resource Records
Format: (name, value, type, ttl)
type=A
  • name is hostname
  • value is IP address
type=NS
  • name is domain (e.g., foo.com)
  • value is hostname of authoritative name server for this domain
type=CNAME
  • name is alias name for some "canonical" (the real) name
  • www.ibm.com is really servereast.backup2.ibm.com
  • value is canonical name
type=MX
  • value is name of mailserver associated with name
packet sniffer
Software or hardware used to collect packets travelling over a network.
SMTP vs HTTP
§ HTTP: pull
§ SMTP: push
§ both have ASCII command/response interaction, status codes
§ HTTP: each object encapsulated in its own response message
§ SMTP: multiple objects sent in multipart message
DNS: root name servers
§ contacted by local name server that cannot resolve name
§ root name server:
  • contacts authoritative name server if name mapping not known
  • gets mapping
  • returns mapping to local name server
iterated query:
§ contacted server replies with name of server to contact
§ "I don't know this name, but ask this server"
Domain Name System:
§ distributed database implemented in hierarchy of many name servers
§ application-layer protocol: hosts, name servers communicate to resolve names (address/name translation)
Local DNS name server
§ does not strictly belong to hierarchy
§ each ISP (residential ISP, company, university) has one
  • also called "default name server"
§ when host makes DNS query, query is sent to its local DNS server
  • has local cache of recent name-to-address translation pairs (but may be out of date!)
  • acts as proxy, forwards query into hierarchy
DNS services
§ hostname to IP address translation
§ host aliasing: canonical, alias names
§ mail server aliasing
§ load distribution: replicated Web servers, many IP addresses correspond to one name
IMAP
§ keeps all messages in one place: at server
§ allows user to organize messages in folders
§ keeps user state across sessions: names of folders and mappings between message IDs and folder name
Pure P2P architecture
§ no always-on server
§ arbitrary end systems directly communicate
§ peers are intermittently connected and change IP addresses
recursive query:
§ puts burden of name resolution on contacted name server
§ heavy load at upper levels of hierarchy?
DNS protocol, messages
§ query and reply messages, both with same message format
message header:
§ identification: 16-bit # for query; reply to query uses same #
§ flags:
  • query or reply
  • recursion desired
  • recursion available
  • reply is authoritative
why not centralize DNS?
§ single point of failure
§ traffic volume
§ distant centralized database
§ maintenance
Video
§ video: sequence of images displayed at constant rate (e.g., 24 images/sec)
§ digital image: array of pixels where each pixel is represented by bits
§ coding: use redundancy within and between images to decrease # bits used to encode image
  • spatial (within image)
  • temporal (from one image to next)
§ CBR (constant bit rate): video encoding rate fixed
§ VBR (variable bit rate): video encoding rate changes as amount of spatial, temporal coding changes
User Agent
§ a.k.a. "mail reader"
§ composing, editing, reading mail messages
§ e.g., Outlook, Thunderbird, iPhone mail client
§ outgoing, incoming messages stored on server
mail servers:
§ mailbox contains incoming messages for user
§ message queue of outgoing (to be sent) mail messages
§ SMTP protocol between mail servers to send email messages
  • client: sending mail server
  • "server": receiving mail server
SMTP
§ uses TCP to reliably transfer email message from client to server, port 25
§ direct transfer: sending server to receiving server
§ three phases of transfer
  1) handshaking (greeting)
  2) transfer of messages
  3) closure
§ command/response interaction (like HTTP)
  • commands: ASCII text
  • response: status code and phrase
§ messages must be in 7-bit ASCII
§ SMTP uses persistent connections