Packet Switching, TDM and DDos

By Raul Bernardino

Introduction:

The internet infrastructure is the interconnection of computing hardware and
software around the world. At the core of the network there are two approaches
to moving data: circuit switching and packet switching. These two approaches are
the basis for transmitting data over the links throughout the network. In a
circuit-switched network, resources such as buffers, duration, and transmission
rate have to be reserved along the path for communication between end systems.
In a packet-switched network the resources are not reserved; they are used by
the messages of a session, in other words on demand. As a result, transmitted
packets may have to queue, waiting for the communication link to become free for
their turn. An example of circuit switching is the telephone network, where the
caller and the receiver of the call have to establish a communication link
before exchanging information. An example of packet switching is queuing in
front of a reception desk or a bank cashier, where you are served only after the
others in front of you in the line have been served.

To better understand the advantages and disadvantages of these two network core
systems, consider the following:

   a. Proponents of circuit switching argue that packet switching is not
      suitable for real-time communication such as telephone calls and
      video-conference calls. This argument is supported by the end-to-end
      delay.
   b. However, proponents of packet switching argue that it offers better
      bandwidth management, is simpler and more efficient, and costs less than
      circuit switching.

To test these two arguments I would like to take another example: a 1 Mbps link
shared by 10 users, where each user generates data at a constant rate of
100 kbps and is active 10% of the time.

With circuit switching using Time Division Multiplexing (TDM), 100 kbps has to
be set aside and reserved for each user at all times. Assuming that a 1-second
frame is divided into 10 time slots (one per user), each user is allocated 100
milliseconds, which is 1 time slot per frame. The circuit-switched link supports
only 10 simultaneous users. This follows from 1 Mbps = 1000 kbps, where
1000 kbps / 100 kbps = 10.
With packet switching, the probability that a specific user is active is 0.1
(10%). If there are 35 users, the probability that 11 or more of them are using
the 1 Mbps bandwidth simultaneously is approximately 0.0004. This means that
with probability 0.9996 the active users stay within the bandwidth of the link.
For this reason packet switching is referred to as statistical multiplexing.
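
The figures above can be reproduced from the binomial distribution. The following is an added example, not part of the original assignment; it assumes users are active independently of each other, and the function names are chosen here for illustration. It also goes one step beyond the text by searching for the largest number of users a packet-switched link can admit for a chosen overflow probability.

```python
from math import comb


def tdm_capacity(link_kbps, per_user_kbps):
    """Users a circuit-switched (TDM) link supports: one reserved slot each."""
    return link_kbps // per_user_kbps


def overflow_probability(users, p_active, capacity):
    """P(more than `capacity` of `users` are active at the same time).

    Assumes each user is active independently with probability p_active,
    so the number of active users is Binomial(users, p_active).
    """
    return sum(
        comb(users, k) * p_active ** k * (1 - p_active) ** (users - k)
        for k in range(capacity + 1, users + 1)
    )


def max_packet_users(link_kbps, per_user_kbps, p_active, max_overflow):
    """Largest user count whose overflow probability stays <= max_overflow."""
    if not 0 < p_active <= 1:
        raise ValueError("p_active must be in (0, 1]")
    if not 0 <= max_overflow < 1:
        raise ValueError("max_overflow must be in [0, 1)")
    capacity = tdm_capacity(link_kbps, per_user_kbps)
    users = capacity  # with `capacity` users the link can never overflow
    # The overflow probability grows with every added user, so a linear
    # search upwards stops at the first user count that breaks the target.
    while overflow_probability(users + 1, p_active, capacity) <= max_overflow:
        users += 1
    return users


if __name__ == "__main__":
    slots = tdm_capacity(1000, 100)
    print("TDM users supported:", slots)
    print("P(11 or more of 35 active): %.6f"
          % overflow_probability(35, 0.1, slots))
    print("Packet-switched users at 0.1% overflow:",
          max_packet_users(1000, 100, 0.1, 0.001))
```
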

Botnet and DDoS

Bots were developed as virtual programs that operate on an occupied machine (PC) and use an IRC
channel. Soon afterwards, however, they became IRC worms that affected PCs. Later they were used
to steal passwords and for financial gain. Botnets can be seen as an underground movement. Their
services can be rented to perform a denial-of-service attack against a target computer in a remote
location. If there is a large number of compromised machines, they can generate a large amount of
network traffic, from email or denial of service.

How it works: first, the botnet tries to recruit computers in remote locations by running malicious
software. Second, it organizes them into target groups with multiple similar pieces of malicious
software; however, it operates with different bot herders (criminal entities), as shown in the
picture below.




Picture 1.

   1.   The botnet sends a virus that infects ordinary users
   2.   The bot on the infected PC logs into a particular server
   3.   Spam is sent through the botnet service purchased from the operator
   4.   The spammer sends the spam message to the bot operator, which reaches the compromised machines via IRC
Picture 2: Internal DNS Server Lookup
      Normal DNS lookup process

Picture 3: DNS cache poisoning
The steps in the picture above show how DNS gets attacked.

Questions?

1. DHCP messages are sent over UDP

2. Discover screenshot

Offer screenshot

Request screenshot

ACK screenshot

Time, source, destination and protocol screenshot




3. The Ethernet 10.2.0 116
4. The values in the DHCP Discover message are in the screenshot below:
The values of the DHCP Request message are in the screenshot below:

5. The transaction ID for Discover/Offer/Request/ACK in the DHCP messages is 0xb49697d5.
The transaction ID in the second set (Request/ACK) is 0xb49697d5. The purpose of the
Transaction-ID field is to identify one packet, as shown in the screenshot:
6. The values of the datagram are in the screenshot below:
7. The IP address of the DHCP server is 10.2.0.5


       “C:\Users\Rbernardino>ipconfig/all

       Windows IP Configuration

        Host Name . . . . . . . . . . . . : ANPCOM312001
        Primary Dns Suffix . . . . . . . : anp-tl.org
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : anp-tl.org

       Mobile Broadband adapter Mobile Broadband Connection:

        Media State . . . . . . . . . . . : Media disconnected
        Connection-specific DNS Suffix . :
        Description . . . . . . . . . . . : Qualcomm Gobi 2000 HS-USB Mobile Broadband device 9205
        Physical Address. . . . . . . . . : 00-A0-C6-00-00-00
        DHCP Enabled. . . . . . . . . . . : No
        Autoconfiguration Enabled . . . . : Yes

       Wireless LAN adapter Wireless Network Connection:

        Media State . . . . . . . . . . . : Media disconnected
        Connection-specific DNS Suffix . : anp-tl.org
        Description . . . . . . . . . . . : Intel(R) Centrino(R) Advanced-N 6200 AGN
        Physical Address. . . . . . . . . : 00-23-14-31-38-B0
        DHCP Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes

       Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix . : anp-tl.org
        Description . . . . . . . . . . . : Intel(R) 82577LM Gigabit Network Connection
        Physical Address. . . . . . . . . : 00-26-2D-F9-39-EE
        DHCP Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        Link-local IPv6 Address . . . . . : fe80::b477:bc75:aa8b:d93f%14(Preferred)
        IPv4 Address. . . . . . . . . . . : 10.2.0.116(Preferred)
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Lease Obtained. . . . . . . . . . : Wednesday, August 10, 2011 9:31:06 AM
        Lease Expires . . . . . . . . . . : Thursday, August 11, 2011 10:43:09 AM
        Default Gateway . . . . . . . . . : 10.2.0.11
        DHCP Server . . . . . . . . . . . : 10.2.0.5
        DHCPv6 IAID . . . . . . . . . . . : 317775601
        DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-0C-C6-AE-F0-DE-F1-22-B5-D5 “



8. The IP address offered by the DHCP server is 10.2.0.116, shown above as
"IPv4 Address . . . : 10.2.0.116(Preferred)".

9. In the example screenshot in this assignment, there is no relay agent between the
host and the DHCP server. What values in the trace indicate the absence of a relay
agent? Is there a relay agent in your experiment? If so what is the IP address of
the agent?
10. The router is the gateway through which workstations communicate outside/inside the network,
while the subnet mask identifies the subnetting in the network.

11. Just plug into the network and the host will be given an IP from the DHCP server.

12. The purpose of the lease time is to release the IP automatically if the computer is not on
during the lease time, so that the IP can be given to others who have connected to the network. In
our case it is 5 days.
13. The purpose is to release the IP from the host. It "acks" the request. If it is not acked, the
IP of the host would not be released.

14. The purpose is to send out an Ethernet broadcast packet containing the desired
IP address. The desired host (or another system acting on its behalf) replies to the
packet by sending a packet which contains an IP address and Ethernet address pair.
This response (if any) is cached by all hosts. The cache is periodically refreshed.

I used the command prompt to find the IP of www.uol.ohecampus.com. The IP
address of www.uol.ohecampus.com is 74.116.156.44, as shown in the capture
below.

“Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\Rbernardino>nslookup www.uol.ohecampus.com
Server: anp-tl-dil-ws01.anp-tl.org
Address: 10.2.0.5

Non-authoritative answer:
Name:     www.uol.ohecampus.com
Address: 74.116.156.44

C:\Users\Rbernardino>nslookup
Default Server: anp-tl-dil-ws01.anp-tl.org
Address: 10.2.0.5

> set q=any
> ohecampus.com
Server: anp-tl-dil-ws01.anp-tl.org
Address: 10.2.0.5

Non-authoritative answer:
ohecampus.com internet address = 74.116.156.176
ohecampus.com nameserver = dns3.onlinehighered.com
ohecampus.com nameserver = ns1.laureate.net
ohecampus.com nameserver = ns1.ohecampus.co.uk
ohecampus.com nameserver = dns1.onlinehighered.com
ohecampus.com nameserver = dns2.onlinehighered.com
ohecampus.com
     primary name server = dns1.onlinehighered.com
     responsible mail addr = hostmaster.laureate.net
     serial = 2011072920
     refresh = 3600 (1 hour)
     retry = 1200 (20 mins)
     expire = 1209600 (14 days)
     default TTL = 3600 (1 hour)
ohecampus.com MX preference = 6, mail exchanger = ohecampus.com.s8b1.psmtp.com
ohecampus.com MX preference = 8, mail exchanger = ohecampus.com.s8b2.psmtp.com
ohecampus.com MX preference = 2, mail exchanger = ohecampus.com.s8a1.psmtp.com
ohecampus.com MX preference = 4, mail exchanger = ohecampus.com.s8a2.psmtp.com
>”