R bernardino hand_in_assignment_week_1


Packet Switching, TDM and DDoS

By Raul Bernardino

Introduction:

The internet infrastructure connects computing hardware and software around the world. The network core of internet communication uses two approaches: circuit switching and packet switching. These two approaches are the basis for transmitting data over the links throughout the network. In circuit-switched networks, resources such as buffers, duration, and transmission rate have to be reserved along the path for communication between end systems. In packet-switched networks, the resources are not reserved; their use depends on the sessions' messages. In other words, it is based on demand. As a result, transmitted packets may have to queue, waiting for the communication link to be free for their turn. An example of circuit switching is the telephone network, where the caller and the receiver of the call have to establish a communication link before exchanging information. An example of packet switching is queuing in front of a reception desk or bank cashier, where you are served only after those ahead of you in line have been served.

To better understand the advantages and disadvantages of these two network core approaches:

a. Proponents of circuit switching argue that packet switching is not suitable for real-time communication such as telephone calls and video-conference calls. This argument is supported by the delay in the end-to-end system.

b. However, proponents of packet switching argue that it offers better bandwidth management, is simpler and more efficient, and costs less compared to circuit switching.

To test these two arguments, I would like to take another example: a 1 Mbps link shared by 10 users, where each user generates data at a constant rate of 100 kbps and is active 10% of the time.

With circuit switching using Time Division Multiplexing (TDM), 100 kbps has to be divided off and reserved for each user at all times. Assuming that a 1-second frame is divided into 10 time slots (one per user), 100 milliseconds are allocated to each user, which is 1 time slot per frame. The circuit-switched link supports only 10 users simultaneously. This comes from 1 Mbps = 1000 kbps, where 1000 kbps / 100 kbps = 10.

With packet switching, the probability that a specific user is active is 0.1 (10%). If there are 35 users, the probability that 11 or more users are using the 1 Mbps bandwidth simultaneously is approximately 0.0004. This means that, with probability 0.9996, fewer than 10 users are active and the bandwidth is used to the maximum. Therefore packet switching is referred to as statistical multiplexing.
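
The capacity figures above, worked in code as an added example that is not part of the original assignment: 10 reserved TDM slots versus the binomial probability that 11 or more of 35 users are active at once. It goes one step beyond the text by searching for the largest user count under an overflow tolerance; the 0.0005 tolerance and all function names are assumptions made here.

```python
from math import comb

LINK_KBPS, USER_KBPS, P_ACTIVE = 1000, 100, 0.10   # figures from the text
TOLERANCE = 0.0005   # assumed acceptable overflow probability (not from the text)

def tdm_capacity(link_kbps: int, user_kbps: int) -> int:
    """Circuit switching: every user holds a reserved slot, active or not."""
    return link_kbps // user_kbps

def prob_at_least(k: int, n: int, p: float) -> float:
    """P(X >= k) for X ~ Binomial(n, p): k or more of n users active at once."""
    return sum(comb(n, i) * p**i * (1 - p)**(n - i) for i in range(k, n + 1))

def max_users_packet_switched(link_kbps, user_kbps, p_active, tolerance):
    """Largest user count whose overflow probability stays within tolerance."""
    if not 0 < p_active <= 1:
        raise ValueError("p_active must be in (0, 1]")
    slots = tdm_capacity(link_kbps, user_kbps)
    n = slots                      # up to `slots` users can never overflow the link
    while prob_at_least(slots + 1, n + 1, p_active) <= tolerance:
        n += 1                     # one more user still fits within the tolerance
    return n

if __name__ == "__main__":
    slots = tdm_capacity(LINK_KBPS, USER_KBPS)
    overflow = prob_at_least(slots + 1, 35, P_ACTIVE)
    print(f"TDM supports {slots} users")
    print(f"P(11 or more of 35 active) = {overflow:.4f}")
    print(f"P(10 or fewer active)      = {1 - overflow:.4f}")
    print("users within tolerance:",
          max_users_packet_switched(LINK_KBPS, USER_KBPS, P_ACTIVE, TOLERANCE))
```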

Botnet and DDoS

Bots were first developed as virtual agents that operate on an occupied machine (PC) and use an IRC channel. Soon afterwards, however, they turned into IRC worms that affected the PC. Later they were used to steal passwords and for financial gain. Bots can be seen as an underground movement. Their services can be rented to perform a denial-of-service attack against a target computer in a remote location. With a large number of compromised machines, a botnet can generate a large amount of network traffic, from email or from denial-of-service activity.

How it works: first, the botnet tries to recruit computers from a remote location by running malicious software on them. Second, they are organized into target groups with multiple similar malicious software; however, these operate under different bot herders (criminal entities), as shown in the picture below.

Picture 1.

1. The botnet sends a virus to infect ordinary users

2. The bot on the infected PC logs into a particular server

3. Spam is sent through the botnet service purchased from the operator

4. The spammer sends spam messages to the bot operator to compromise the machine via IRC

Picture 2: Internal DNS Server Lookup

Normal DNS lookup process

Picture 3: DNS cache poisoning

The steps in the picture above show how DNS gets attacked.

Questions?

1. DHCP messages are sent over UDP.

2. Discover screenshot

Offer screenshot

Request screenshot

Ack screenshot

Time, source, destination and protocol screenshot

3. The Ethernet 10.2.0.116

4. The values in the DHCP Discover message are in the screenshot below:

The values of the DHCP Request message are in the screenshot below:

5. The transaction ID for Discover/Offer/Request/ACK in the DHCP messages is 0xb49697d5. The transaction ID in the second set (Request/ACK) is 0xb49697d5. The purpose of the Transaction-ID field is to identify one packet, as shown in the screenshot:

6. The values of the datagram are in the screenshot below:

7. The IP address of your DHCP server: 10.2.0.5

“C:\Users\Rbernardino>ipconfig/all

Windows IP Configuration

Host Name . . . . . . . . . . . . : ANPCOM312001
Primary Dns Suffix . . . . . . . : anp-tl.org
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : anp-tl.org

Mobile Broadband adapter Mobile Broadband Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Qualcomm Gobi 2000 HS-USB Mobile Broadband device 9205
Physical Address. . . . . . . . . : 00-A0-C6-00-00-00
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : anp-tl.org
Description . . . . . . . . . . . : Intel(R) Centrino(R) Advanced-N 6200 AGN
Physical Address. . . . . . . . . : 00-23-14-31-38-B0
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : anp-tl.org
Description . . . . . . . . . . . : Intel(R) 82577LM Gigabit Network Connection
Physical Address. . . . . . . . . : 00-26-2D-F9-39-EE
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::b477:bc75:aa8b:d93f%14(Preferred)
IPv4 Address. . . . . . . . . . . : 10.2.0.116(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, August 10, 2011 9:31:06 AM
Lease Expires . . . . . . . . . . : Thursday, August 11, 2011 10:43:09 AM
Default Gateway . . . . . . . . . : 10.2.0.11
DHCP Server . . . . . . . . . . . : 10.2.0.5
DHCPv6 IAID . . . . . . . . . . . : 317775601
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-0C-C6-AE-F0-DE-F1-22-B5-D5”

8. The IP address offered by the DHCP server is the IPv4 address 10.2.0.116 (Preferred).

9. In the example screenshot in this assignment, there is no relay agent between the host and the DHCP server. What values in the trace indicate the absence of a relay agent? Is there a relay agent in your experiment? If so, what is the IP address of the agent?

10. The router is the gateway through which workstations communicate with hosts outside and inside the network, while the subnet mask identifies the subnetting in the network.

11. Just plug in to the network and an IP address will be given by the DHCP server.

12. The purpose of the lease time is to release the IP address automatically if the computer is not on during the lease time, so that the IP address can be given to others who connect to the network. In our case it is 5 days.

13. The purpose is to release the IP address from the host. The request is acknowledged (“ack”). If it is not acknowledged, the IP address of the host would not be released.

14. The purpose is to send out an Ethernet broadcast packet containing the desired IP address. The desired host (or another system acting on its behalf) replies to the packet by sending a packet which contains an IP address and Ethernet address pair. This response (if any) is cached by all hosts. The cache is periodically refreshed.
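
The DHCP fields discussed in answers 5 to 9 above (transaction ID, offered address, server address, relay agent address), extracted from a raw DHCP message, as an added example that is not part of the original assignment. The sample messages are constructed from the values quoted on this page, and `parse_dhcp` and `build_sample` are hypothetical helper names.

```python
import socket
import struct

BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")  # 236-byte fixed BOOTP header
MAGIC = b"\x63\x82\x53\x63"                          # DHCP magic cookie
MSG_TYPES = {1: "Discover", 2: "Offer", 3: "Request", 5: "ACK", 7: "Release"}

def parse_dhcp(payload: bytes) -> dict:
    """Parse a DHCP message (the UDP payload on ports 67/68)."""
    end = BOOTP.size + 4
    if len(payload) < end or payload[BOOTP.size:end] != MAGIC:
        raise ValueError("not a DHCP message")
    (_op, _htype, hlen, _hops, xid, _secs, _flags, _ciaddr,
     yiaddr, _siaddr, giaddr, chaddr, _sname, _file) = BOOTP.unpack_from(payload)
    opts, i = {}, end
    while i < len(payload) and payload[i] != 255:    # option 255 = End
        if payload[i] == 0:                          # option 0 = Pad (no length byte)
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        opts[payload[i]] = payload[i + 2:i + 2 + payload[i + 1]]
        i += 2 + payload[i + 1]
    mtype = opts.get(53) or b"\x00"                  # option 53 = DHCP message type
    server = opts.get(54, b"")                       # option 54 = server identifier
    return {
        "xid": f"0x{xid:08x}",                       # same value across one exchange
        "type": MSG_TYPES.get(mtype[0], "unknown"),
        "client_mac": chaddr[:min(hlen, 16)].hex("-").upper(),
        "offered_ip": socket.inet_ntoa(yiaddr),
        "server_id": socket.inet_ntoa(server) if len(server) == 4 else None,
        # giaddr 0.0.0.0 means no relay agent forwarded the message
        "relay_agent": None if giaddr == bytes(4) else socket.inet_ntoa(giaddr),
    }

def build_sample(msg_type: int, xid: int = 0xB49697D5) -> bytes:
    """Constructed server reply that reuses the values quoted on the page."""
    ip = socket.inet_aton
    header = BOOTP.pack(2, 1, 6, 0, xid, 0, 0, ip("0.0.0.0"), ip("10.2.0.116"),
                        ip("10.2.0.5"), ip("0.0.0.0"),
                        bytes.fromhex("00262DF939EE"), b"", b"")
    return header + MAGIC + bytes([53, 1, msg_type, 54, 4]) + ip("10.2.0.5") + b"\xff"

if __name__ == "__main__":
    for message in (build_sample(2), build_sample(5)):   # Offer, then ACK
        print(parse_dhcp(message))
```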

I used the command prompt to find the IP address of www.uol.ohecampus.com. The IP address of www.uol.ohecampus.com is 74.116.156.44, as shown in the capture below.

“Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\Rbernardino>nslookup www.uol.ohecampus.com
Server: anp-tl-dil-ws01.anp-tl.org
Address: 10.2.0.5

Non-authoritative answer:
Name: www.uol.ohecampus.com
Address: 74.116.156.44

C:\Users\Rbernardino>nslookup
Default Server: anp-tl-dil-ws01.anp-tl.org
Address: 10.2.0.5

> set q=any
> ohecampus.com
Server: anp-tl-dil-ws01.anp-tl.org
Address: 10.2.0.5

Non-authoritative answer:
ohecampus.com internet address = 74.116.156.176
ohecampus.com nameserver = dns3.onlinehighered.com
ohecampus.com nameserver = ns1.laureate.net
ohecampus.com nameserver = ns1.ohecampus.co.uk
ohecampus.com nameserver = dns1.onlinehighered.com
ohecampus.com nameserver = dns2.onlinehighered.com
ohecampus.com
primary name server = dns1.onlinehighered.com
responsible mail addr = hostmaster.laureate.net
serial = 2011072920
refresh = 3600 (1 hour)
retry = 1200 (20 mins)
expire = 1209600 (14 days)
default TTL = 3600 (1 hour)
ohecampus.com MX preference = 6, mail exchanger = ohecampus.com.s8b1.psmtp.com
ohecampus.com MX preference = 8, mail exchanger = ohecampus.com.s8b2.psmtp.com
ohecampus.com MX preference = 2, mail exchanger = ohecampus.com.s8a1.psmtp.com
ohecampus.com MX preference = 4, mail exchanger = ohecampus.com.s8a2.psmtp.com
>”
