Stranger Things

You may recall from this past fall that quite a few sites were slow, if not inaccessible, on Friday, 21 October 2016, the result of a distributed denial-of-service (DDoS) attack on Dyn, a popular DNS service provider. Involved in that attack was a botnet powered by Mirai, malware that infected vulnerable devices on the Internet of Things (IoT).

Answer the below in things.txt, each in your own words.

Questions

  1. (2 points.) Why were so many sites inaccessible during the attack on Dyn, even though the sites themselves were not offline?

  2. (2 points.) Why are so many IoT devices susceptible to malware?

  3. (4 points.) Recall that TCP/IP packets, much like mailing envelopes in the real world, contain both a source address (i.e., a sender’s IP address) and a destination address (i.e., a recipient’s IP address). And they also contain a destination port, a number that uniquely identifies one of the recipient’s services (e.g., 443 for HTTPS). It turns out that TCP/IP packets also contain a source port, a pseudorandom number that uniquely identifies a connection that the source has to a destination. That way, a device can maintain multiple connections to some server.

    IoT devices, though, are often installed in a home, in which case they (likely) have private IP addresses, obtained via DHCP from a home router, which aren’t publicly routable on the internet. And so those IoT devices relay their TCP/IP packets through the home router, which routes them toward their destination on the internet. That home router, meanwhile, has its own private IP address (with which it communicates with those IoT devices) as well as a public IP address (with which it communicates with the internet). But if multiple IoT devices have sent packets to some server on the internet (as might happen when CCTV video cameras upload their footage to the cloud), all of those packets therefore appear to have come from the same address, the home router’s public IP address. But the server somehow has to reply to the correct IoT device behind the home router (e.g., to acknowledge receipt of some packet).

    What changes must a home router therefore make to a TCP/IP packet from some device before routing it toward some server on the internet to ensure that it can relay the server’s response back to the same device? And when the server replies with a packet of its own, what should that packet’s destination IP address and destination port be? Assume that the home router has memory in which you can store as much state as you’d like.
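As an added illustration of the address and port rewriting that question 3 asks about (example code, not part of the original problem set): a minimal simulation of a home router that keeps a translation table so that a server's reply can be routed back to the device that sent the original packet. All IP addresses and port numbers are constructed sample values (RFC 5737 documentation ranges), not real hosts.

```python
from dataclasses import dataclass
# Sample addresses below are constructed (RFC 5737 documentation ranges), not real hosts.

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class HomeRouter:
    """Port-translating NAT: outbound packets get the router's public IP and a fresh
    public source port; the mapping is stored so replies can be rewritten back."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.by_public_port = {}   # public port -> (dev ip, dev port, server ip, server port)
        self.by_flow = {}          # (dev ip, dev port, server ip, server port) -> public port

    def outbound(self, pkt):
        flow = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        public_port = self.by_flow.get(flow)
        if public_port is None:               # first packet of this connection
            public_port = self.next_port
            self.next_port += 1
            self.by_public_port[public_port] = flow
            self.by_flow[flow] = public_port
        return Packet(self.public_ip, public_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt):
        flow = self.by_public_port.get(pkt.dst_port)
        # Only deliver replies that match a recorded connection; anything else
        # (an unsolicited packet, or a reply from the wrong server) is dropped.
        if flow is None or (flow[2], flow[3]) != (pkt.src_ip, pkt.src_port):
            return None
        return Packet(pkt.src_ip, pkt.src_port, flow[0], flow[1])

def demo():
    router = HomeRouter("203.0.113.7")
    server = ("198.51.100.20", 443)
    # Two cameras happen to pick the same pseudorandom source port, so rewriting
    # only the IP address would leave their replies indistinguishable.
    cam_a = Packet("192.168.1.10", 51000, *server)
    cam_b = Packet("192.168.1.11", 51000, *server)
    out_a = router.outbound(cam_a)
    out_b = router.outbound(cam_b)
    reply_to_b = Packet(*server, router.public_ip, out_b.src_port)
    unsolicited = Packet(*server, router.public_ip, 40999)
    return out_a, out_b, router.inbound(reply_to_b), router.inbound(unsolicited)
```

Running `demo()` shows both cameras' packets leaving with the router's public IP but distinct public ports, the reply addressed to camera B's public port arriving back at 192.168.1.11:51000, and an unsolicited inbound packet being dropped.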

Debrief

  1. Which resources, if any, did you find helpful in answering this problem’s questions?

  2. About how long did you spend on this problem’s questions?