I proposed two talks this year:

Evil DoS Attacks and Strong Defenses

Speakers: Sam Bowne and Matthew Prince (45 min.)

On the attack side, this talk will explain and demonstrate attacks which crash Mac OS X, Windows 8, Windows Server 2012, and Web servers, causing a BSOD or complete system freeze. The Mac and Windows systems fall to the new IPv6 Router Advertisement flood in thc-ipv6-2.1, but only after creating a vulnerable state with some "priming" router advertisements. Servers fail from Sockstress--a brutal TCP attack which was invented in 2008, but still remains effective today.

On the defense side: the inside story of the DDoS that almost Broke the Internet.

In March 2013, attackers launched an attack against Spamhaus that topped 300Gbps. Spamhaus gave us permission to talk about the details of the attack. While CloudFlare was able to fend off the attack, it exposed some vulnerabilities in the Internet's infrastructure that attackers will inevitably exploit. If an Internet-crippling attack happens, this is what it will look like. And here's what the network needs to do in order to protect itself.

Speaker Bios

Sam Bowne has been teaching computer networking and security classes at CCSF since 2000. He has given talks at DEFCON, BayThreat, LayerOne, Toorcon, and lightning talks at HOPE on Ethical Hacking, and taught classes and seminars at many other schools and teaching conferences. He has a PhD & a lot of industry certs but still no CISSP.

Matthew Prince (@eastdakota) is the co-founder & CEO of CloudFlare, the web performance and security company.

Matthew wrote his first computer program at age 7 when his mom would sneak him into university computer science courses. After attending law school, he worked as an attorney for one day before jumping at the opportunity to be a founding member of a tech startup. He hasn't looked back. CloudFlare is Matthew's third entrepreneurial venture. CloudFlare was named a 2012 Technology Pioneer by the World Economic Forum and selected by the Wall Street Journal as the Most Innovative Internet Technology company for the last two years running. Today, CloudFlare accelerates and protects more than 120 billion page views for over a million customers and more than 1.5 billion web visitors every month.

Matthew holds a degree in English and Computer Science from Trinity College. He graduated with highest honors from the Harvard Business School where he was a George F. Baker Scholar and was awarded the Dubliner Prize for Entrepreneurship. He earned a JD from the University of Chicago and is a member of the Illinois Bar. He teaches technology law as an adjunct professor at the John Marshall Law School where he serves on the Board of Advisors for the Center for Information Technology and Privacy Law. He is also the co-creator of Project Honey Pot, the largest community of webmasters tracking online fraud and abuse. On the side, Matthew is a certified ski instructor, a former mountain guide, and a regular attendee of the Sundance Film Festival.

Detailed Outline

1. Intro of speakers and our roles: Sam on attack and Matthew on defense

2. Attacks: RA Flood and SockStress

2a. How IPv6 addressing works, simple summary of Router Advertisements

2b. Explanation of the new flood_router26 attack and why it is far more powerful than previous RA flood attacks

2c. The secret ingredient: two simulated or real normal IPv6 routers in the LAN to induce a vulnerable state

2d. Demonstration: killing Mac OS X, Windows 8, and Windows Server 2012 dead in a few seconds

2e. Sockstress -- history: origin in 2008, podcast, death of author, lack of available source code, difficulty of configuration, and consequent neglect by the security community

2f. The current absurd situation: a powerful attack from 2008 still remains unpatched on most systems

2g. Demonstration: Killing Windows 8 dead with SockStress

3. Defense: The DDoS That Almost Broke the Internet

3a. Details of the Spamhaus attack
- When they signed up
- What the attackers were doing
- How the attack grew
- What the attackers did next to escalate their attack
- How the attack was mitigated

3b. The next attack
- Vulnerabilities the Spamhaus attack exposed
- Weak points on the network
- What the attackers will do next
- How the network can be defended

Data Evaporation from SSDs

Sam Bowne, 20 min.

Files on magnetic hard drives remain on the drive even after they are deleted, so they can be recovered later with forensic tools. Sometimes SSDs work the same way, but under other conditions they erase this latent data in a "garbage collection" process. Understanding when and how this happens is important to forensic investigators and people who handle confidential data.

I'll explain the purpose of garbage collection, and how it is affected by the operating system, SSD model, BIOS settings, TRIM, and drive format. I'll demonstrate SSD data evaporation on a MacBook Air and a Windows system, using my "evap" tool (available for everyone to use) that makes it easy to test SSDs for data evaporation.

Detailed Outline

1. Explanation of latent data and its importance for forensic investigators and people who use computers to store private data (everyone, of course).

2. A couple of famous examples of important latent data recovered by forensic investigators.

3. Technical explanation of data retention on magnetic hard drives and data recovery--data remains in the clusters until it is overwritten.

4. Demonstration: Storing data on a magnetic hard drive, deleting it, and recovering it.

5. Demonstration: Storing data on an SSD, deleting it, and seeing it evaporate so recovery is impossible.

6. Demonstration: Changing partition format on the same SSD to stop data evaporation, so deleted data is now recoverable.

7. Explanation of how SSDs work and why "garbage collection" is performed--it's intended to improve SSD performance.

8. Description of factors that influence data evaporation--operating system, SSD model, TRIM, BIOS settings, and drive format.

9. Discussion of portable devices: iPhone, iPad, Surface, Android phones, etc. with possible demo.

Video

Here's a short video of data evaporation on a Windows 7 box: http://www.youtube.com/watch?v=Lw1NJ94WQis
Posted 4-22-13 at 2:08 PM by Sam Bowne