80 of code red 2 code red 2 re re code red 1 and code red
play

80% of Code Red 2 Code Red 2 re-re- Code Red 1 and Code Red 2 - PowerPoint PPT Presentation

Nov 16, 2023 •103 likes •450 views

Slammer s Bandwidth-Limited Growth 80% of Code Red 2 Code Red 2 re-re- Code Red 1 and Code Red 2 Code Red 2 re- cleaned up due to released Jan 2004 Nimda endemic dies off released with Oct. onset of Blaster (and 2005; not since

  1. Slammer ’ s Bandwidth-Limited Growth �

  2. 80% of Code Red 2 Code Red 2 re-re- Code Red 1 and Code Red 2 Code Red 2 re- cleaned up due to released Jan 2004 Nimda endemic dies off released with Oct. onset of Blaster (and 2005; not since … ?) again 2003 die-off

  3. Code Red 2 re-re- Feb 7 2012! released Jan 2004 (and 2005; not since … ?)

  9. 2009 - 2010

  10. 2012

  11. 2013-2014

  18. Stuxnet : Slowly ramped up centrifuge speeds until they flew apart … … while feeding false readings to control system. Included 4 zero days for spreading

  19. Flame : General information stealer. Includes geolocation from local photos, taking screenshots, microphone access to capture local audio, recording Skype calls, download contacts from nearby BlueTooth devices. Exploited previously unknown MD5 hash collision vulnerability . Built-in autowipe “ kill switch ” .

  20. Gauss : Specifically targets banking transactions, mainly in Lebanon. Includes trapdoor looking for specific accounts, undeciphered to date.

  22. #!/usr/bin/perl while (<>) { chomp; if ( /^(get|post|options|head|...)(.*)/i ) { # Do not respond if it looks like an exploit last if length > 1000; my $date = gmtime; if ( $1 =~ /get|head/i ) print "HTTP/1.1 200 OK\r\n"; elsif ( $1 =~ /search/i ) print "HTTP/1.1 411 Length Required\r\n"; elsif ( $1 =~ /options/i ) { print "HTTP/1.1 200 OK\r\n"; print "DASL: \r\nDAV: 1, 2\r\n"; print "Public: OPTIONS, TRACE, GET, HEAD, DELETE, ...\r\n"; print "Allow: OPTIONS, TRACE, GET, HEAD, DELETE, ...\r\n"; } elsif ( $1 =~ /propfind/i ) print "HTTP/1.1 207 Multi-Status\r\n"; else print "HTTP/1.1 405 Method Not Allowed\r\n"; } print <<EOF; Server: Microsoft-IIS/5.0 Date: $date GMT Content-Length: 0 Content-Type: text/html Set-Cookie: ASPSESSIONIDACBAABCQ=BHAMAEHAOAIHMOMGJCPFLBGO; path=/ Cache-control: private EOF last; } }

  24. GQ: Building a Large-Scale Honeyfarm • Honeyfarm : use a network telescope to route scan traffic to a set of honeypots • Goal: scale to 100,000s of monitored addresses … • … at high fidelity Physical Honeyfarm Servers GRE Tunnels Global or direct routing Internet Advertised Dark Space MGMT Gateway VM VM VM VM VM VM VM VM VM

  25. GQ: Building a Large-Scale Honeyfarm • Honeyfarm : use a network telescope to route scan traffic to a set of honeypots • Goal: scale to 100,000s of monitored addresses … • … at high fidelity Physical Honeyfarm Servers GRE Tunnels Global or direct routing Internet Advertised Dark Space MGMT Gateway VM VM VM VM VM VM Dark space: blocks of otherwise VM VM VM unallocated addresses

  26. GQ: Building a Large-Scale Honeyfarm • Honeyfarm : use a network telescope to route scan traffic to a set of honeypots • Goal: scale to 100,000s of monitored addresses … • … at high fidelity Physical Honeyfarm Servers GRE Tunnels Global or direct routing Internet Advertised Dark Space MGMT Gateway VM VM VM VM VM VM Routers send dark space traffic either via VM VM VM tunnels or direct attachment

  27. GQ: Building a Large-Scale Honeyfarm • Honeyfarm : use a network telescope to route scan traffic to a set of honeypots • Goal: scale to 100,000s of monitored addresses … • … at high fidelity Physical Honeyfarm Servers GRE Tunnels Global or direct routing Internet Advertised Dark Space MGMT Gateway VM VM VM VM VM VM Gateway applies filtering to reduce load, allocates VM VM VM honeypot and mediates communication

  28. GQ: Building a Large-Scale Honeyfarm • Honeyfarm : use a network telescope to route scan traffic to a set of honeypots • Goal: scale to 100,000s of monitored addresses … • … at high fidelity Physical Honeyfarm Servers GRE Tunnels Global or direct routing Internet Advertised Dark Space MGMT Gateway VM VM VM VM VM VM Outbound communication attempted by a honeypot VM VM VM

  29. GQ: Building a Large-Scale Honeyfarm • Honeyfarm : use a network telescope to route scan traffic to a set of honeypots • Goal: scale to 100,000s of monitored addresses … • … at high fidelity Physical Honeyfarm Servers GRE Tunnels Global or direct routing Internet Advertised Dark Space MGMT Gateway VM VM VM VM VM VM Outbound communication attempted by a honeypot VM VM VM can be redirected back to another honeypot

  30. GQ: Building a Large-Scale Honeyfarm • Honeyfarm : use a network telescope to route scan traffic to a set of honeypots • Goal: scale to 100,000s of monitored addresses … • … at high fidelity Physical Honeyfarm Servers GRE Tunnels Global or direct routing Internet Advertised Dark Space MGMT Gateway VM VM VM VM VM VM If redirected traffic again tries to communicate VM VM VM outbound, then we have found a worm

  34. Polymorphic Propagation Decryptor Key Encrypted Glob of Bits ê Decryptor Once running, worm Encryptor uses an encryptor with Key Main Worm Code a new key to propagate } Jmp ¡ ê Decryptor Key2 Different Encrypted Glob of Bits

Recommend

Ex. 8.4 7-4-2-1 code Codeconverter 7-4-2-1-code to BCD-code. When encoding the digits 0 ... 9

Ex. 8.4 7-4-2-1 code Codeconverter 7-4-2-1-code to BCD-code. When encoding the digits 0 ... 9

Ex. 8.4 7-4-2-1 code Codeconverter 7-4-2-1-code to BCD-code. When encoding the digits 0 ... 9 sometimes in the past a code having weights 7-4-2-1 instead of the binary code weights 8-4-2-1 was used. In the cases where a digit's code word

830 views • 66 slides
Clean Code 1 / 24 Clean Code What is clean code? Elegant and efficient. Bjarne

Clean Code 1 / 24 Clean Code What is clean code? Elegant and efficient. Bjarne

Clean Code 1 / 24 Clean Code What is clean code? Elegant and efficient. Bjarne Stroustrup Simple and direct. Readable. Grady Booch Understandable by others, tested, literate. Dave Thomas Code works pretty much as

351 views • 24 slides
Code Generation Chapter 9 1 Compiler Construction Code Generation Issues in Code Generation

Code Generation Chapter 9 1 Compiler Construction Code Generation Issues in Code Generation

Code Generation Chapter 9 1 Compiler Construction Code Generation Issues in Code Generation Target language Relocatable machine code Commercial compilers produce this Absolute machine code OS code must start at a particular memory

503 views • 19 slides
CloPlag A Study of Effects of Code Obfuscation to Code Similarity Detection Tools Chaiyong

CloPlag A Study of Effects of Code Obfuscation to Code Similarity Detection Tools Chaiyong

CloPlag A Study of Effects of Code Obfuscation to Code Similarity Detection Tools Chaiyong Ragkhitwetsagul, Jens Krinke, Albert Cabr Juan Cloned Code vs Plagiarised Code A result from source code Created in a similar way as code

479 views • 31 slides
SOUTHWEST BCSW ENROLLMENT GROWTH FTES by ZIP CODE FTES by ZIP CODE 2013-14 FTES by ZIP CODE

SOUTHWEST BCSW ENROLLMENT GROWTH FTES by ZIP CODE FTES by ZIP CODE 2013-14 FTES by ZIP CODE

BAKERSFIELD COLLEGE SOUTHWEST BCSW ENROLLMENT GROWTH FTES by ZIP CODE FTES by ZIP CODE 2013-14 FTES by ZIP CODE 2014-15 FTES by ZIP CODE 2015-16 FTES by ZIP CODE 2016-17 FTES by ZIP CODE 2017-18 State Apportionment for Previous Three

343 views • 31 slides
Code Generation Machine code generation cs4713 1 Machine code generation machine Intermediate

Code Generation Machine code generation cs4713 1 Machine code generation machine Intermediate

Code Generation Machine code generation cs4713 1 Machine code generation machine Intermediate Code optimizer Code generator Code generator Input: intermediate code + symbol tables In our case, three-address code All variables

717 views • 38 slides
Code Code Code on the Presentation of Persons with Disabilities in the Media What you call us

Code Code Code on the Presentation of Persons with Disabilities in the Media What you call us

Code Code Code on the Presentation of Persons with Disabilities in the Media What you call us IS HOW YOU SEE US This publication is funded by SIDA, the Swedish International Development Cooperation Agency, through MyRight- Empowers People

343 views • 20 slides
Genealogy of D3 Code Cathy Zhu, Lucas Throckmorton Genealogy of D3 Code Goal: identify the

Genealogy of D3 Code Cathy Zhu, Lucas Throckmorton Genealogy of D3 Code Goal: identify the

Genealogy of D3 Code Cathy Zhu, Lucas Throckmorton Genealogy of D3 Code Goal: identify the shared pieces of code amongst pieces of d3 code via MOSS and visualize the evolution of D3 code snippets. Scope: about 30k examples of D3 code

278 views • 16 slides
Polymorphism &quot;Inheritance is new code that reuses old code. Polymorphism is old code that

Polymorphism &quot;Inheritance is new code that reuses old code. Polymorphism is old code that

Topic 5 Polymorphism &quot;Inheritance is new code that reuses old code. Polymorphism is old code that reuses new code. 1 Polymorphism Another feature of OOP literally having many forms object variables in Java are

570 views • 17 slides
Similar code fragment A code fragment that has similar part to it in source code

Similar code fragment A code fragment that has similar part to it in source code

Similar code fragment A code fragment that has similar part to it in source code introduced in source code because of various reasons. e.g. copy-and-paste makes software maintenance difficult. It is necessary to It is

488 views • 9 slides
Investor Presentation April 2015 BSE Code: 533573 NSE Code: APLLTD Bloomberg Code: ALPM:IN

Investor Presentation April 2015 BSE Code: 533573 NSE Code: APLLTD Bloomberg Code: ALPM:IN

Alembic Pharmaceuticals Limited Investor Presentation April 2015 BSE Code: 533573 NSE Code: APLLTD Bloomberg Code: ALPM:IN Reuters Code: ALEM.NS www.alembic-india.com Safe Harbor Statement Materials and information provided during this

553 views • 30 slides
Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu

Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu

Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu mihai@cs.wisc.edu 23 March 2006 What is Malicious Code? What is Malicious Code? Viruses, worms, trojans, Code that breaks your security policy.

707 views • 69 slides
Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu

Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu

Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu mihai@cs.wisc.edu 10 March 2005 What is Malicious Code? What is Malicious Code? Viruses, worms, trojans, Code that breaks your security policy.

1.16k views • 94 slides
Code/doc inspections Most teams have some mechanism for checking each others code and

Code/doc inspections Most teams have some mechanism for checking each others code and

Code/doc inspections Most teams have some mechanism for checking each others code and documents for correctness and standards Might be informal, everyone gets another team member to look over their code/document before treating them as

448 views • 10 slides
Database design III Courses(code, period, name, teacher) code name code, period teacher

Database design III Courses(code, period, name, teacher) code name code, period teacher

Quiz time! Whats wrong with this schema? Database design III Courses(code, period, name, teacher) code name code, period teacher Functional dependencies cont. {(TDA356, 2, Databases, Niklas Broberg), BCNF and 3NF

92 views • 8 slides
Code Generation 22 November 2019 OSU CSE 1 BL Compiler Structure Code Tokenizer Parser

Code Generation 22 November 2019 OSU CSE 1 BL Compiler Structure Code Tokenizer Parser

Code Generation 22 November 2019 OSU CSE 1 BL Compiler Structure Code Tokenizer Parser Generator string of string of abstract string of characters tokens program integers (source code) (words) (object code) The code

1.05k views • 55 slides
Refactoring Section 7.2.1 (JIAs) OTHER SOURCES Code Evolution Programs evolve and code is

Refactoring Section 7.2.1 (JIAs) OTHER SOURCES Code Evolution Programs evolve and code is

Refactoring Section 7.2.1 (JIAs) OTHER SOURCES Code Evolution Programs evolve and code is NOT STATIC Code duplication Outdated knowledge (now you know more) Rethink earlier decisions and rework portions of the code Customer

1.03k views • 76 slides
1 Reflection on code annotations Classification of Code Annotations (1) Code annotations may

1 Reflection on code annotations Classification of Code Annotations (1) Code annotations may

SW Development and WCET analysis for real-time applications SW is mostly written in imperative programming Classifications of Code languages Annotations and Discussion of Trend: graphical interfaces like state charts Compiler-Support

361 views • 3 slides
Tools for reading code Calvin Loncaric Code is read much more often than it is written . Code is

Tools for reading code Calvin Loncaric Code is read much more often than it is written . Code is

Tools for reading code Calvin Loncaric Code is read much more often than it is written . Code is read much more often than it is written . Reading code can be hard and boring! Quick, what does this function do?? @Override public void

243 views • 12 slides
Breed Code Guide Cattle breeds and their abbreviation codes Code Cattle Breed Code Cattle

Breed Code Guide Cattle breeds and their abbreviation codes Code Cattle Breed Code Cattle

October 2010 Page 1 of 4 Breed Code Guide Cattle breeds and their abbreviation codes Code Cattle Breed Code Cattle Breed Code Cattle Breed AN Aberdeen Angus FP East Flemish Red Pied NM Normande AB Abondance ER Eringer

340 views • 4 slides
INF5110 Compiler Construction Spring 2016 1 / 98 Outline 1. Intermediate code generation

INF5110 Compiler Construction Spring 2016 1 / 98 Outline 1. Intermediate code generation

INF5110 Compiler Construction Spring 2016 1 / 98 Outline 1. Intermediate code generation Intro Intermediate code Three-address code P-code Generating P-code Generation of three address code Basic: From P-code to TA-Code and back:

1.41k views • 98 slides
INF5110 Compiler Construction Spring 2017 1 / 97 Outline 1. Intermediate code generation

INF5110 Compiler Construction Spring 2017 1 / 97 Outline 1. Intermediate code generation

INF5110 Compiler Construction Spring 2017 1 / 97 Outline 1. Intermediate code generation Intro Intermediate code Three-address code P-code Generating P-code Generation of three address code Basic: From P-code to TA-Code and back:

1.18k views • 97 slides
Review Ch 1-5 Executing code Compile code (convert from C++ to computer code) - Syntax errors

Review Ch 1-5 Executing code Compile code (convert from C++ to computer code) - Syntax errors

Review Ch 1-5 Executing code Compile code (convert from C++ to computer code) - Syntax errors will prevent compilation Run code - Runtime errors will crash your program - Logic errors will make your program give the wrong output Syntax =

192 views • 15 slides
More Visualization CT @ VT Why Functions How can code be made available for others to use?

More Visualization CT @ VT Why Functions How can code be made available for others to use?

Introduction to Computational Thinking More Visualization CT @ VT Why Functions How can code be made available for others to use? Cut/paste of code (as we did for Blockly Python) works only for small amounts of code Need better

216 views • 9 slides

More recommend