
By Clinton Dudley

Denial of Service Attacks

DoS & DDoS Attacks

In general, a denial of service attack is an effort to render a machine or network resource unavailable to its users.
3 Methods:
1. Jamming the target system's signal
2. Exhausting the power source
3. Flooding the victim with meaningless data

Distributed Denial of Service (DDoS) attacks use multiple machines to carry out a DoS attack

CIA Triad

A widely used benchmark for evaluating the effectiveness of information systems security (Fenrich 2008).
1. Confidentiality: inability of unauthorized users to access info or
2. Integrity: preventing data modification
3. Availability: assurance that the data and resources are accessible to those who need them, when they need them (Fenrich 2008)

DoS and DDoS attacks compromise the availability of a system

Christmas Day 2014

DDoS attack against Microsoft XBOX Live and Sony PSN networks.

Both networks down for the majority of the day.

Hacker group Lizard Squad launched attack for the lulz (Turton 2014).

Many brand new consoles which required downloaded updates or game content, rendered virtually

Lizard Squad's Christmas Day 2014 Attacks

Hacker group, Lizard Squad, launched DDoS attack against both online gaming networks for their own entertainment, just because they could.

Lizard Squad claims their attacks maxed out at 1.2 terabits per second (Turton 2014).

Claims remain unverified, however if true, would be largest DDoS attack in history.

"We've got some devices that are connected to the undersea cables that facilitate the Internet connects between the United States and Europe. We have access to some of the devices that are in the middle of the ocean that have something like 100-gigabit-per-second Internet connections" (Turton 2014).


Set out to model traditional DoS & DDoS flooding attacks.

Low Orbit Ion Cannon (LOIC)

Initially developed as a stress testing program for web services and works by
sending continuous TCP, UDP, or HTTP requests to a target.

Netwox SYN Flooding

Sending many SYN requests to the victim's TCP port without finishing the 3-way handshake

Oracle Virtual Machine Virtualbox

SEED Ubuntu Image

Virtual Machine & Network Setup

Used SEEDUbuntu virtual machine image from the SEED Project

Created a clone of the original image named

Set up 2 Network Adapters for each VM in order to communicate between the two VMs, the host PC, and the internet.

Adapter1: NAT, each VM on its own private

Adapter2: Host-Only, the two VMs and the host are all on a common network to allow communication between each.

Each machine has 2 IP addresses, 1 associated with each network.

Low Orbit Ion Cannon

Select Target: IP Address of Victim VM in Host-Only Network

Attack Options: HTTP Protocol on Port 80

Discussion & Results of Attack 1

Using LOIC to launch an attack from the Host PC against the target Victim VM

The Victim machine slowed processing a bit, but was mainly

Able to respond to pings and load web pages

In some circumstances, this could be considered a successful attack; for some, just slowing the web service is enough to cause significant damage

In order to stress the machine further, incorporated Netwox SYN Flooding feature in conjunction with LOIC to simulate DDoS attack

LOIC attack launched via Host PC

SYN Flood launched via SEEDUbuntu VM image

SYN Flooding attack opens many half-opened TCP connections

LOIC attack against HTTP Port 80
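
The half-open connections that the SYN flood leaves on the Victim VM can be counted from the kernel's TCP table. The following is an added example, not part of the original slides: it parses /proc/net/tcp text and reports local ports whose SYN_RECV count reaches a threshold. The sample rows, the 192.168.56.101 address and the threshold are constructed, and a little-endian (x86) host is assumed.

```python
import socket
import struct
from collections import Counter

SYN_RECV = "03"  # /proc/net/tcp state code for a half-open connection

# Constructed sample in /proc/net/tcp layout (only the first four columns are
# shown; the real file has more). 192.168.56.101 is an assumed victim address.
SAMPLE = """\
  sl  local_address rem_address   st
   0: 00000000:0050 00000000:0000 0A
   1: 6538A8C0:0050 076433C6:C001 03
   2: 6538A8C0:0050 097100CB:9C40 03
   3: 6538A8C0:0050 050200C0:1F90 03
   4: 6538A8C0:0050 146433C6:D431 03
   5: 6538A8C0:0050 0138A8C0:E0F2 01
   6: 6538A8C0:0016 0138A8C0:E0F3 03
"""


def decode_endpoint(field):
    """Turn '6538A8C0:0050' into ('192.168.56.101', 80).

    The kernel prints the IPv4 address as a host-order 32-bit hex word, so on
    a little-endian machine (assumed here) the bytes come out reversed.
    """
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def half_open_by_port(table_text):
    """Count SYN_RECV entries per local port.

    Grouping by local port, not by remote address, keeps the count meaningful
    when the SYNs arrive from many source addresses.
    """
    counts = Counter()
    for line in table_text.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) >= 4 and cols[3] == SYN_RECV:
            counts[decode_endpoint(cols[1])[1]] += 1
    return counts


def flooded_ports(table_text, threshold):
    """Return the local ports with at least `threshold` half-open connections."""
    return sorted(p for p, n in half_open_by_port(table_text).items() if n >= threshold)


if __name__ == "__main__":
    print(flooded_ports(SAMPLE, threshold=3))
```

On the Victim VM, pass the contents of /proc/net/tcp instead of SAMPLE and pick a threshold above the port's normal backlog.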

DDoS Simulation Results

Combining the LOIC and Netwox attacks produced a much more effective result. The Victim
machine slowed down rapidly, to the point of being completely unresponsive.

At first, just unable to access the internet

Progressed to no processes working: mouse movements, opening/closing programs, swapping windows, etc.

Upon stopping the attack, processing resumed.


Launching DoS attack with LOIC alone,

Experienced some latencies in Victim machine, but nothing

Likely due to the fact that all three machines have the same bandwidth. Since bandwidth of attacker & victim are the same, attacker is unable to overwhelm victim with traffic

An actual attacker would have purchased equipment to increase bandwidth to be greater than the victim

DDoS Simulation

Two different protocols utilized

In a real-world DDoS attack, an assailant would more likely use a botnet, with all bots attacking the victim via the same protocol.

Ashford, W. (2016). DDoS is the most common method of cyber attack on financial institutions. Computer Weekly, 4-6.

Botta, A., de Donato, W., Persico, V., & Pescapé, A. (2016). Integration of cloud computing and internet of things: a survey. Future Generation Computer Systems, 56, 684-700.

Computer Security. (2016). Funk & Wagnalls New World Encyclopedia, 1p. 1.

Crelin, J. (2013). Denial-of-service attack. Salem Press Encyclopedia,

Fenrich, K. (2008). Securing your control system: the 'CIA triad' is a widely used benchmark for evaluating information system security effectiveness. Power Engineering, (2). 44.

Limarunothai, R., & Munlin, M. (2015). Trends and Challenges of Botnet Architectures and Detection Techniques. Journal Of Information Science & Technology, 5(1), 51-57.

Love, D. (2014). Why Microsoft and Sony Couldn't Stop Lizard Squad Attack Despite Warnings. International Business Times

Myers, R. (2012). Attacks on TCP/IP Protocols. CPSC4620: Computer Network Security.

Nazario, J. (2008). DDoS attack evolution. Network Security, 2008(7), 7-10.

Patil, A., & Gaikwad, R. (2015). Comparative Analysis of the Prevention Techniques of Denial of Service Attacks in Wireless Sensor Network. Procedia Computer Science, 48 (International Conference on Computer, Communication and Convergence (ICCC 2015)), 387-393.

Yick, J., Mukherjee, B., & Ghosal, D. (2008). Wireless sensor network survey. Computer Networks, 52(12), 2292-2330.