The Tech Behind Cyber Security

Upload: asher-norton

Post on 17-Jan-2016


Page 1

The Tech Behind Cyber Security

October 31 | Part 1: From Packets to IP and the “Ping of Death”: An Introduction to Cyber
November ? | Part 2: Case Study: Distributed Denial, the Tech of Cyber Attack in the Russo-Georgian War of 2008

Page 2

0 1

Page 3

bits and bytes
• bit: (binary digit)
• The basic unit of information in computing, the amount of information stored by a digital device in one of two possible distinct states, not 1 and 2, off/on
• digital value of 1 = positive voltage, up to 5 volts
• digital value of 0 = 0 volts
• 8 bits = 1 byte, usually, but depends on hardware
• byte: the number of bits needed to encode a single character of text in a computer

Page 4

binary to letter

Page 5

01110000 = p
01101001 = i
01111010 = z
01111010 = z
01100001 = a

Page 6

data and packets
• data: binary files, 01010010010010010… etc.
• packet: a unit of data
• from binary to text or image
• packet: control information and payload
• control information: data the network needs to deliver the payload, ex. address, error control
• payload: the content of your “digital letter”

Page 7

hosts on networks
• who has the data? who doesn’t … hosts going global and mobile
• networks: start local, LANs, wireless LANs, AirBears
• client-server model
• addresses, what’s your unique network address?
• Type: ipconfig, find IPv4 numerical address
• ping www.wikipedia.org
• ping ist.berkeley.edu
• ping www.ca.gov
• ping www.usa.gov
• ping, an echo request from host to host

Page 8

ping, an echo request

Page 9

ping, the payload
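The split between control information and payload in a ping can be seen by building and parsing the ICMP message itself. This is an added example, not part of the original slides; the function names, the identifier and sequence values, and the sample payload are assumptions, and only the ICMP message is modelled (no enclosing IP header).

```python
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length data with a zero byte
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(mtype: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Control information (8-byte header) followed by the payload."""
    header = struct.pack("!BBHHH", mtype, 0, 0, ident, seq)
    csum = inet_checksum(header + payload)
    return struct.pack("!BBHHH", mtype, 0, csum, ident, seq) + payload

def parse_icmp(message: bytes) -> dict:
    """Split an ICMP message into its header fields and payload."""
    if len(message) < 8:
        raise ValueError("ICMP header is 8 bytes; message too short")
    mtype, code, _csum, ident, seq = struct.unpack("!BBHHH", message[:8])
    return {
        "type": mtype, "code": code, "id": ident, "seq": seq,
        # A valid message sums to 0xFFFF, so the checksum of the whole is 0.
        "checksum_ok": inet_checksum(message) == 0,
        "payload": message[8:],
    }

def echo_reply_for(request: bytes) -> bytes:
    """Type 0 reply that carries back the exact data of a type 8 request."""
    req = parse_icmp(request)
    if req["type"] != 8 or not req["checksum_ok"]:
        raise ValueError("not a valid echo request")
    return build_icmp(0, req["id"], req["seq"], req["payload"])

# Constructed sample: the payload is the word from the binary-to-letter slide.
SAMPLE_REQUEST = build_icmp(8, ident=0x1234, seq=1, payload=b"pizza")

if __name__ == "__main__":
    print(parse_icmp(SAMPLE_REQUEST))
    print(parse_icmp(echo_reply_for(SAMPLE_REQUEST)))
```
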

Page 10

OSI model

Page 11

OSI model

Network Ports

21: File Transfer Protocol (FTP)
22: Secure Shell (SSH)
23: Telnet remote login service
25: Simple Mail Transfer Protocol (SMTP)
53: Domain Name System (DNS) service
80: Hypertext Transfer Protocol (HTTP) used in the World Wide Web
110: Post Office Protocol (POP)
119: Network News Transfer Protocol (NNTP)
143: Internet Message Access Protocol (IMAP)
161: Simple Network Management Protocol (SNMP)
443: HTTP Secure (HTTPS)

Page 12

OSI model

Page 13

OSI model

Page 14

internet and the web
• internet: network of networks, millions of networks
• web: system of interlinked hypertext documents
• ports: http 80
• Try it: http://www.techcomfort.com:81
• Try it: http://www.techcomfort.com:80

Page 15

ping, nslookup, traceroute
• how does the traffic flow?
• network devices: hubs, routers, switches
• using nslookup, names and numbers
• nslookup www.berkeley.edu
• nslookup www.usa.gov
• using traceroute
• tracert www.techcomfort.com
• tracert www.berkeley.edu
• tracert www.ca.gov

Page 16

attack!

Professor Nacht has left instructions for you to build and launch a cyber attack on the nation state of Vulgaria.

You have everything you need to build it. How would you do it?

Page 17

attack!
• Step 0: Recall that an echo request is an ICMP (ping) message whose data is expected to be received back in an echo reply. The host must respond to all echo requests with an echo reply containing the exact data received in the request message.
• Step 1: Create a list of Vulgarian military and civil servers that should be targeted
• Step 2: Write a simple script (program) that repeats your ping request many times a second
• Step 3: Plant this script on computers across the globe
• Step 4: “Flood” the Vulgarian servers with ping requests from multiple hosts … with which they cannot keep up … the result...

Page 18

attack!

server failure

Page 19

attack!
• You have just conceptualized the opening cyber salvo used in the Russo-Georgia War of 2008.
• July 19, 2008: The First Salvo of Cyber Attack
  o flood http www.president.gov.ge
  o flood tcp www.president.gov.ge
  o flood icmp www.president.gov.ge
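From the defending side, the pattern described above (many hosts sending echo requests to one server faster than it can answer) shows up as a spike in both request rate and distinct sources per destination. The sketch below is an added example, not part of the original slides; the thresholds, record layout and function names are assumptions, and the traffic is constructed from documentation-only address ranges.

```python
from collections import Counter, defaultdict, deque

ECHO_REQUEST = 8  # ICMP type for an echo request (ping)

def detect_echo_floods(events, window=1.0, max_requests=100, min_sources=10):
    """Flag destinations that receive more than max_requests echo requests
    from at least min_sources distinct hosts within `window` seconds.
    events: time-ordered (timestamp, src_ip, dst_ip, icmp_type) tuples."""
    recent = defaultdict(deque)     # dst -> (timestamp, src) pairs in window
    per_src = defaultdict(Counter)  # dst -> requests per source in window
    alerts = {}
    for ts, src, dst, icmp_type in events:
        if icmp_type != ECHO_REQUEST:
            continue                # echo replies and other ICMP are ignored
        queue, counts = recent[dst], per_src[dst]
        queue.append((ts, src))
        counts[src] += 1
        while ts - queue[0][0] > window:   # expire entries older than window
            _, old_src = queue.popleft()
            counts[old_src] -= 1
            if counts[old_src] == 0:
                del counts[old_src]
        if (len(queue) > max_requests and len(counts) >= min_sources
                and dst not in alerts):
            alerts[dst] = {"dst": dst, "first_alert": ts,
                           "requests_in_window": len(queue),
                           "sources": len(counts)}
    return list(alerts.values())

def sample_events():
    """Constructed traffic records (not captured data)."""
    events = []
    for i in range(5):       # one host pinging once a second, with replies
        events.append((float(i), "192.0.2.10", "203.0.113.10", 8))
        events.append((i + 0.01, "203.0.113.10", "192.0.2.10", 0))
    for i in range(150):     # one noisy host: high rate, single source
        events.append((20 + i * 0.005, "192.0.2.7", "203.0.113.20", 8))
    for i in range(200):     # 20 hosts at once: high rate, many sources
        events.append((40 + i * 0.005, f"198.51.100.{i % 20 + 1}",
                       "203.0.113.80", 8))
    return sorted(events)

if __name__ == "__main__":
    for alert in detect_echo_floods(sample_events()):
        print(alert)
```

Requiring both conditions separates a distributed flood from a single misbehaving host, which is better handled by per-source rate limiting.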

Page 20

next time:

Part 2: The Cyber of the Russo-Georgian War of 2008

Case Study: Distributed Denial: the Tech of Cyber Attack in the Russo-Georgian Conflict of August 2008

Page 21

voltage
• Ethernet cable: 2.0 volts
• Composite video: 2.5 volts
• Wall socket in US, Canada: 120 volts, sometimes 240