Assuring Reliable and Secure IT Service

JANUARY 16, 2010 LECTURER: HENRY CHRISTIANTO, ST., MTI

Upload: dinesh

Post on 05-Jan-2016


DESCRIPTION

ASSURING RELIABLE AND SECURE IT SERVICE. PPM BUSINESS SCHOOL. MM-46. JANUARY 16, 2010. LECTURER: HENRY CHRISTIANTO, ST., MTI. INTRODUCTION. HACKERS ARE EVERYWHERE… IS THE INTERNET SAFE?

TRANSCRIPT

Page 1: ASSURING RELIABLE AND SECURE IT SERVICE

JANUARY 16, 2010

LECTURER: HENRY CHRISTIANTO, ST., MTI

Page 2: ASSURING RELIABLE AND SECURE IT SERVICE

HACKERS ARE EVERYWHERE… IS THE INTERNET SAFE?

Page 3: ASSURING RELIABLE AND SECURE IT SERVICE

Chapter 5 Figure 5-7

[Figure: network diagram, simplified for illustration purposes. Labeled areas: iPremier Co Cage, Qdata Facility, Qdata Private Network. Labeled components: To Public Internet; Internet Router; Router and VPN for Cust A, Cust B, Cust ...; VPN iPremier Company; Router Firewall; Web Server Cluster; Database Server; SMTP/POP Server; DNS Servers; Web Accelerator; Ethernet Switches; Router to HO (T1); Network Management; Big Iron.]

Source: Austin, Robert D.; Leibrock, Larry; Murray, Alan, “The iPremier Company: Denial of Service Attack (A),” Harvard Business School Case No. 601-114.

Page 4: ASSURING RELIABLE AND SECURE IT SERVICE

4.31 am 4.39 am 5.27 am 5.46 am

• WEB SITE LOCKED
• FLOODING E-MAIL

• TRIAL 1 : RESTART WEB SERVER
• RESULT : FAILED
• RECOMMENDATION : PULL THE PLUG

• ANALYZE: SYN FLOOD DoS ATTACK
• TRIAL 2 : SHUTTING DOWN TRAFFIC
• RESULT : FAILED

SERVER IS RUNNING, ATTACK STOPPED

Page 5: ASSURING RELIABLE AND SECURE IT SERVICE

Chapter 6 Figure 6-6

Normal and DoS Handshakes

Normal Handshake (Web User’s PC and Website Server)

• SYN: User’s PC says “hello”
• ACK-SYN: Server says “Do you want to talk”
• ACK: User’s PC says “Yes, let’s talk”

DoS Handshake (Web User’s PC and Website Server)

• SYN: User’s PC says “hello” repeatedly
• ACK-SYN: Server says “Do you want to talk” repeatedly
• No Response: User’s PC waits for server to “timeout”

Source: Austin, Robert D. "The iPremier Company, The (A), (B), and (C): Denial of Service Attack." Harvard Business School Teaching Note 602-033.

Page 6: ASSURING RELIABLE AND SECURE IT SERVICE

Chapter 6 Figure 6-7

A Distributed Denial of Service Attack

[Figure: an Attack Leader, Attackers 1 through 8, and the Website Server.]

Attack Leader facilitates SYN floods from multiple sources.

Source: Austin, Robert D. "The iPremier Company, The (A), (B), and (C): Denial of Service Attack." Harvard Business School Teaching Note 602-033.
