Wednesday, 10 December 2008

Le Monde (the translated version here) reports that the web site of the French Embassy in China has been inaccessible for a few days. The cause is apparently a DDoS. The attack seems to be a consequence of the political tensions between China and France resulting from the meeting of the French president Sarkozy with the Dalai Lama in Poland.


This is another case of the infamous cyber-war.

 

Tuesday, 4 November 2008

New DoS and DDoS coming?


The SANS Internet Storm Center reports that some worms exploiting the new Microsoft RPC vulnerability (MS08-067) are being seen in the wild. As I wrote before (here for the automatic translation by Google), this is a critical vulnerability from the same family that brought us worms such as Blaster.

Fortunately, as mentioned by Steve Gibson in Security Now, the Internet has changed a lot since those past experiences. Today most Windows XP (with SP2) and Windows Vista hosts have the firewall on by default, which minimizes the risk of infection. However, many Windows 2000, 98 and 95 computers, most of them forgotten in some computer room, are still at high risk. I wonder if this will be another endemic disease living on the Internet like its cousins.

Here is the report from F-Secure for those interested. And expect at least some minor disruptions generated by compromised machines.

Monday, 8 September 2008

TCP monitoring in NS

Today I was asking how to monitor TCP connections in NS-2. Then I decided to blog about the topic.

First you need a TCP agent, and maybe an FTP or some other application on top of it (I suppose that you already have some nodes):

#Setup a TCP connection
set tcp1 [new Agent/TCP]
$tcp1 set class_ 2

#Attach tcp to node n0
$ns attach-agent $n0 $tcp1

#Attach a sink to node n1
set sink [new Agent/TCPSink]
$ns attach-agent $n1 $sink
$ns connect $tcp1 $sink
$tcp1 set fid_ 1

#Setup a FTP over TCP connection
set ftp0 [new Application/FTP]
#Link tcp agent with FTP application
$ftp0 attach-agent $tcp1
$ftp0 set type_ FTP


Now, create a procedure to print some TCP information (the agent created above is called tcp1, so that is the name the procedure has to read from):

proc update_tcpinfo {} {
    global ns tcp1 file_out time_step
    set now [$ns now]
    #Read the bound variables of the TCP agent: congestion window,
    #averaged window, current RTT estimate and highest ACK received
    set window [$tcp1 set cwnd_]
    set avgwind [$tcp1 set awnd_]
    set rtt [$tcp1 set rtt_]
    set acks [$tcp1 set ack_]


Then you have window, avgwind, rtt and acks, which you can print to the screen or to a file (an output file or maybe the trace file; I would recommend a separate trace file):

    puts $file_out "$now $window $avgwind $rtt $acks"

And schedule the procedure to be called again after every time_step:

    $ns at [expr $now + $time_step] "update_tcpinfo"
}

To declare your output file, do it the same way the trace and nam files are normally opened (the sampling interval time_step used by the procedure also has to be defined):

#Open flow file
set file_out [open flow_trace.txt w]
#Sampling interval in seconds for update_tcpinfo (0.1 s chosen here as an example)
set time_step 0.1

And do not forget to close it:

#Define a 'finish' procedure
proc finish {} {
    global ns nf tf file_out
    $ns flush-trace
    #Close the NAM trace file
    close $nf
    #Close the Trace file
    close $tf
    #Close outputs file
    close $file_out
    #Execute NAM on the trace file, uncomment the next line to exec NAM automatically
    #exec nam out.nam &
    exit 0
}



Call the procedure and run the simulation:

$ns at 0.5 "update_tcpinfo"
#Call the finish procedure after 5 seconds of simulation time
$ns at 5 "finish"
#Run the simulation
$ns run

This is only pseudo code and it could have some errors. I prepared a working file that can be found here:

Wednesday, 4 June 2008

DoS video with captions

Well, I started to play with the new YouTube feature to add captions to your video. I think that my video of the DoS attack simulation is better explained with captions. This is the same video that I have used in some of my research work and paper presentations.

I do not know why, but the embedded video did not show the captions, so the link is here.

Friday, 30 May 2008

Revision 3 Under DDoS by ... MediaDefender

This has been around the Twitter world and it is both funny and serious. Some days ago Revision 3, a new media company that distributes its content via the Internet, was under a DDoS attack. They just revealed in their blog that the attack came from none other than MediaDefender. MediaDefender is a dark company paid by content distributors to disrupt, hack and carry out other unethical activities under the flag of "anti-piracy". It turns out that Revision 3 uses BitTorrent, a very common P2P tool, to distribute ITS OWN content.

Many questions arise from these actions. What was MediaDefender doing against Revision 3? Are their actions legal? What are MediaDefender's criteria for "disrupting" torrent sources?

I honestly hope that Revision 3 takes some legal action over this attack. The danger that website owners already face today from botnet attacks is enough; it is not good to add more attack sources such as this type of company.

New Updates in my research page

I just realized that my research page is a little bit difficult to manage and that I was using my wiki like a blog. So I will make some changes. Among them, I plan to integrate and use more web 2.0 technologies: e.g. I will add my papers to CiteULike, I will manage my links in Del.icio.us with tags, I will post some news using Twitter and Yahoo Pipes, and so on. Probably I will even start using Google Sites to host the pages instead of the university infrastructure.

Thursday, 1 May 2008

DDoS attacks in the Olympics?

According to Jean-Michel Louboutin, Executive Director of Interpol Police, the main security risk in the Olympic Games is the physical security of the visitors (and of Chinese people as well). I agree with that; however, I think that in the interview with PCWorld he underestimates the effect of a DDoS attack. The Chinese Internet infrastructure might be stronger against a DDoS than Estonia's, but in a synchronized attack some services, such as news reports or the Internet communications of visitors, may be compromised. It is true that according to MessageLabs the infamous "Storm" botnet seems to have shrunk; although this is good news (and fewer DoS attacks could be launched), we are not sure whether the small size of Storm is due to better security practices or just to another group of hackers having taken control of the botnet.

I read a comment on Bruce Schneier's blog about security: never say "never", "this is impossible", "this will not happen". I honestly wish to be wrong, but I am sure that there will be more than one attack against the Olympic infrastructure and at least one will succeed.

This post in Spanish