DNS 서비스를 위한 SSFNet의 확장

Abstract

On January 25th of year 2003, the Slammer worm (or sapphire worm) smashed down numerous DNS’s(Domain Name Servers) distributed all around the world with abundant DNS query packets of which number is more than each server can handle. The Internet service failure caused by the DNS down paralyzed some part of the Internet and threatened many Internet users. The damage by DNS down and the recovery cost were huge and pushed many system managers to build up the protection mechanisms. There are numerous methods to protect the Internet resources from such Internet worms. Some methods are used to make an alarm when an attack is started. Other methods separated internal networks from the open Internet not to allow any possible holes the attack penetrates the internal network as soon as the attack starts. However, since no published methods are perfect (developing any excellent methods is not expected in near future), it is possible for another Slammer worm to attack the Internet. And the damage could be more serious than before. A clue to find a better protection method can be found by understanding how the worm propagates through the Internet or by estimating the damage the attack causes. Since it is not feasible to figure out the precise behavior of worm in the real network, a typical detour is to try to understand the behavior through simulation. The effectiveness of simulation is more significant when we want to see the behavior in an extremely large network or a very complicated network. There are various tools to support simulations. Two famous tools, NS-2 and SSFNet, are included in the network simulation tools. A main merit of NS-2 is to support multicast and to support wireless environment simulation. But NS-2 is not suitable for modeling and simulating large scale Internet with more than 100,000 nodes. SSFNet implemented on a simulation kernel, SSF, provides various important network components such as routers, links, network interface cards implemented in JAVA. The features of components can be modified considering simulation environments. Such flexibility may give us more chances to improve the accuracy of network configuration model or worm attack behavior. In addition to that, a network with over 1000,000 nodes can be modeled by the SSFNet. Consequently, we can model the real Internet and see the network behavior under the worm attack through simulation by SSFNet. We have developed a simulation tool with SSFNet. The main target of tool is to figure out the impact of slammer worm in large networks. To see the impact, we needed a DNS module. But unfortunately the SSFNet does not provide any DNS modules. In this paper, we present the way to implement a DNS module on the SSFNet. The implemented DNS module is hired in a simulation. Through the simulation, we justify the accuracy of DNS module and see the impact of slammer worm attack in a relatively large network model.