Traffic Engineering Intro – Georgia Tech – Software Defined Networking


We are beginning a lesson on network security. Let's first talk about why we need network security in the first place. The Internet is subject to a wide variety of attacks on various parts of the infrastructure. One part of the infrastructure that can be attacked is routing. The Internet's routing protocol, the Border Gateway Protocol (BGP), is notorious for being susceptible to different kinds of attacks. For example, on April 8, 2010, China advertised about 50,000 blocks of IP addresses from 170 different countries. The event lasted for about 20 minutes. In this particular case, the hijack appears to have been accidental, because the prefixes were long enough that they didn't disrupt existing routes. But the fact that the route advertisements were allowed to leak in the first place highlights the vulnerability of the Border Gateway Protocol. Essentially, BGP allows any AS (autonomous system) to advertise an IP prefix to a neighboring AS, and that AS will typically just believe that route advertisement and advertise it to the rest of the Internet.

These events, where an AS advertises a prefix that it does not own, are called route hijacks, and they tend to occur more often than one might expect. In addition to the event on April 8, 2010, another event occurred in 2008 where Pakistan hijacked the YouTube prefixes, potentially as a botched attempt to block YouTube in the country following a government order. Unfortunately, the event resulted in disruption of connectivity to YouTube for people all around the world. In January of 2006, ConEdison accidentally hijacked a lot of transit networks, including Level 3, UUNET and several other large ISPs, disrupting connectivity to many customers. And on April 25th in 1995, one of the more famous route hijack incidents was the AS7007 incident, where AS7007 advertised all of the IP prefixes on the entire Internet as originating in its own AS, resulting in disruption of connectivity to huge fractions of the Internet.

So we've surveyed some famous or, shall we say, notorious attacks on Internet routing, but another part of the infrastructure that's vulnerable is naming, or the DNS. One very popular and effective means of mounting an attack on the naming system is through something called reflection. DNS reflection is a way of generating very large amounts of traffic targeted at a victim, in an attack called a distributed denial-of-service, or DDoS, attack. Another type of attack on the naming system is phishing, whereby an attacker exploits the domain name system in an attempt to trick a user into revealing personal information, such as passwords, on a rogue website. In general, denial-of-service attacks are extremely common and can be mounted in a variety of different ways. DNS reflection is just one way that distributed denial-of-service attacks are mounted. We'll explore some others later on in this lesson. It's worth asking why the Internet is so vulnerable to different kinds of attacks.
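
The origin check that BGP itself does not perform, sketched as an added example that is not part of the lecture: each announcement's origin AS is compared against a table of expected origins, and mismatches are flagged for an operator to review. The table, the documentation prefixes and AS numbers, and the function names `classify` and `flagged` are all constructed for illustration.

```python
import ipaddress

# Constructed table: prefix -> AS expected to originate it (documentation
# prefixes and documentation AS numbers, not real allocations).
EXPECTED_ORIGINS = {
    "198.51.100.0/24": 64496,
    "203.0.113.0/24": 64497,
}

# Constructed announcements as (prefix, AS path); the origin AS is the last hop.
ANNOUNCEMENTS = [
    ("198.51.100.0/24", [64500, 64496]),    # expected origin
    ("203.0.113.0/24", [64500, 64511]),     # same prefix, unexpected origin
    ("198.51.100.128/25", [64501, 64511]),  # more-specific, unexpected origin
    ("192.0.2.0/24", [64502, 64499]),       # no table entry covers this prefix
]


def classify(prefix, as_path, expected=EXPECTED_ORIGINS):
    """Return 'ok', 'origin-mismatch', 'subprefix-mismatch' or 'unknown'."""
    if not as_path:
        raise ValueError("AS path must contain at least the origin AS")
    net = ipaddress.ip_network(prefix)
    origin = as_path[-1]
    # Collect every table entry that contains the announced prefix.
    covering = []
    for known, asn in expected.items():
        known_net = ipaddress.ip_network(known)
        if known_net.version == net.version and net.subnet_of(known_net):
            covering.append((known_net, asn))
    if not covering:
        return "unknown"
    # Judge against the most specific covering entry.
    owner_net, owner_as = max(covering, key=lambda entry: entry[0].prefixlen)
    if origin == owner_as:
        return "ok"
    return "origin-mismatch" if net == owner_net else "subprefix-mismatch"


def flagged(announcements, expected=EXPECTED_ORIGINS):
    """Return (prefix, origin AS, verdict) for every announcement that is not 'ok'."""
    verdicts = [(p, path[-1], classify(p, path, expected)) for p, path in announcements]
    return [v for v in verdicts if v[2] != "ok"]


if __name__ == "__main__":
    for prefix, origin, verdict in flagged(ANNOUNCEMENTS):
        print(f"{prefix} originated by AS{origin}: {verdict}")
```

A neighbor that applied a check like this before re-advertising would drop or quarantine the mismatching routes instead of believing them.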
