- ICMP
- Egypt removed itself from BGP to stop internet
- How ZMW exploits normal BGP operations
- named after Zhang, Mao, and Wang
- Hundreds of sites fall off the net every day, but we don't usually notice because BGP routes around them
- When one router has to find a new route, it tells its neighbors, which tell their neighbors, and so on
- The ZMW attack messes with BGP on a router and makes a link appear offline. The router will then spread this fake disruption through the Internet
- The new attack uses a large collection of computers (bots) to map the most crucial links in the Internet
- It then takes that link down using ZMW, and restores it repeatedly
- Use a botnet to map the internet to find a heavily used link common to a large number of computers (250,000)
- Bring down that link using ZMW
- When the link goes down, let it come up again, repeat
- Routers will be flooded with updates that they can't handle
- Data
- Data in a computer's memory is a sequence of numbers
- Separates into chunks for easier shipping
- places it into layer-4 header (TCP or UDP)
- Layer 3 = what computer
- then surrounds with layer 3 and 2
- Receiver puts the entire packet into memory, then removes/ignores the outer layers until it gets to the data
- Finally adds data to other chunks until network transmission is complete
- IP header tells how long the datagram is
- Layer 3 (IP) tells final hop
- Layer 2 (MAC) tells next hop
- LAYER 4
- UDP is fast, but not guaranteed delivery
- TCP is guaranteed perfect delivery, but not always on time
- Routers can look at layer 4, but not usually
- UDP = IP + multiplexing + light error checking
- Is there an application listening?
- 0-1023 = well known (contact) ports
- 1024-49151 = Registered Ports
- 49152-65535 = Private and/or Dynamic Ports
- IANA
- Ex. 80/TCP = Hypertext Transfer Protocol (HTTP)
- NAT and PAT, again
- IP : port
- generates own dynamic port
- covers layers 2, 3, and 4
- 1 public IP address for many computers on the network, many private IP addresses
- leaf nodes - data structures - only goes out
- Port and IP address change after going through a NAT/PAT router
- Even very large networks can exist with only one IP address
- UDP
- just send segments
- can miss data, just care about speed
- TCP
- every single packet has ACK
- 3-way handshake
- Creating and closing a connection need an extra ACK
- SYN-ACK and FIN-ACK
- retransmission timer can expire, then will retransmit
- TCP is smart about how long it waits, slow connection = longer timeout, fast connection = faster timeout
- In reality, use sliding windows, 4 packets, 4 acks
- same ports are used for TCP and UDP
- Port forwarding
- Why choose UDP rather than TCP?
- Finer applicat
- voice, video
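
The NAT/PAT and port-forwarding notes above, as an added Python example that is not part of the original notes: a translation table that rewrites outbound IP:port pairs to one public address, maps replies back, and drops unsolicited inbound packets unless a port forward exists. The class and method names are hypothetical, the addresses are constructed documentation-range values, and the model assumes no mapping timeouts or remote-endpoint filtering.

```python
class PatRouter:
    """PAT table sketch (hypothetical names; no timeouts or remote-endpoint checks)."""

    def __init__(self, public_ip, first_port=49152, last_port=65535):
        self.public_ip = public_ip
        self._ports = iter(range(first_port, last_port + 1))  # dynamic port range
        self.out = {}       # (proto, private_ip, private_port) -> public_port
        self.back = {}      # (proto, public_port) -> (private_ip, private_port)
        self.forwards = {}  # static port forwards, same shape as self.back

    def add_forward(self, proto, public_port, private_ip, private_port):
        """Port forwarding: expose one inside service on a fixed public port."""
        self.forwards[(proto, public_port)] = (private_ip, private_port)

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source IP:port of a packet leaving the private network."""
        key = (proto, src_ip, src_port)  # TCP and UDP port numbers are separate spaces
        if key not in self.out:
            try:
                public_port = next(self._ports)  # router generates its own port
            except StopIteration:
                raise RuntimeError("PAT port pool exhausted") from None
            self.out[key] = public_port
            self.back[(proto, public_port)] = (src_ip, src_port)
        return (proto, self.public_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_port):
        """Rewrite the destination of an arriving packet, or return None to drop it."""
        target = self.back.get((proto, dst_port)) or self.forwards.get((proto, dst_port))
        if target is None:
            return None  # no outbound mapping and no forward: unsolicited, dropped
        return (proto, src_ip, src_port, target[0], target[1])


def demo():
    """Two inside hosts share one public IP; constructed sample traffic."""
    r = PatRouter("203.0.113.5")
    a = r.outbound("tcp", "192.168.1.10", 51000, "198.51.100.7", 80)
    b = r.outbound("tcp", "192.168.1.11", 51000, "198.51.100.7", 80)
    reply = r.inbound("tcp", "198.51.100.7", 80, a[2])       # answer to host .10
    probe = r.inbound("tcp", "198.51.100.99", 4444, 22)      # unsolicited
    r.add_forward("tcp", 22, "192.168.1.10", 22)
    forwarded = r.inbound("tcp", "198.51.100.99", 4444, 22)  # now reaches .10
    return a, b, reply, probe, forwarded
```

Once the forward is added, the same inbound packet that was dropped reaches the inside host, so every port forward is a deliberate hole in the "only goes out" behaviour and belongs in any review of exposed services.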