
Testing of Network Using Sophos Firewall with Layer Three Switch Through DoS Attacks


Aamir Sohail
MS(TN)
Iqra University Islamabad Campus
Aamirsohail2014@outlook.com

Abstract
Computer network attacks on companies are very dangerous; because of these attacks,
many companies suffer losses of secure data. These attacks cause real-time
transaction problems, such as financial problems, network delays, etc. In this paper, we use
different testing techniques to test a network. These techniques use multiple types of
tools and methods for generating attacks; for this purpose, I create network scenarios to test
the network. The practical part of this paper analyzes the Sophos firewall, which plays a
major role in this paper; all work was done in a lab environment. The firewall analyzed in
this paper is Sophos. For testing the network, we generate DoS (Denial of Service) attacks on
the network, and finally we conclude how firewalls work to secure the network from different attacks.
Keywords: Computer Network, Network delay, Sophos, DoS

I. Introduction
With new technology, many companies are facing many cyber attacks. With the increase of
network security attacks, this environment creates a higher probability of vulnerabilities in
companies' software and network domains. In recent years, many companies have suffered many
losses in network areas. Many openly available tools on the Internet create malicious activity on networks.
In our work we address the DoS attack on a network; we set up a lab-environment
network for a secure network solution. Much research work covers different firewalls and new
scenarios to address this problem, and many solutions are available to solve it [6], but our work
produces a best solution to the network security issues. This solution is easy to implement,
cost-effective, and needs no complex configuration to obtain the best results.
To provide a secure network solution with better quality of service, I analyze the firewall solution.
There are many types of attacks, such as device delay, service delay, injection of faulty data, etc.
[1-3]. The DoS attack is one of the top-listed cyber attacks in the field of cyber attacks. The
aim of a DoS attack is to decrease the performance of a system and create delay in the
service. In a DoS attack, the attackers act like legitimate users of the network and access
network data such as emails, access to a web server, etc. During this process the attacker sends a
flood of connection requests to the server to create delays. Servers have a limited number of
connections with which to provide services. When the flood of connection requests reaches the server,
the performance of the server decreases and no one can access the server. Thus, legitimate users
cannot use the services of the server [5].
In this paper, we use penetration testing techniques to simulate DoS attacks in order to verify the
security of the network. I simulate scenarios using firewalls and provide a better
solution for securing the data. I assume the attacker is attacking from the Internet (outside
the network). I observe how DoS attacks create issues on web services located in
the test network.
The paper is organized as follows. In Section 2, we introduce new testing techniques. Section 3
describes the methodology, the practical work and the results. The conclusions and future work
are given in Section 4.
II. TESTING TECHNIQUE
Network attack testing is a method that simulates an attack in order to analyze and test the
loopholes of a network. I use GNS3 to create a network for testing the attacks. This test can
be generated using hardware or software tools, depending on the condition of the network. The
main purpose of this method is to analyze the behavior of a network during an attack from
inside or outside the network. After testing the network, we can easily identify the loopholes and
flaws of the network. I use the pen-tester to test the network; the pen-tester provides
full information about a system and about future vulnerabilities of the network. Penetration testing
can be done from inside or outside the network, depending on the scenario you create.

III. Testing network on GNS3

In this section we create a network in GNS3. All testing scenarios are created in GNS3. I
generate different types of DoS attacks on the network and check how the network system
controls the attack.
We will use 2 different scenarios:

Scenario 1: A web server attack from the local area network
Web server, attacker
Scenario 2: A web server attack from the Internet. The web server is protected by the Sophos firewall
Web server, layer three switch, Sophos firewall, attacker

There are many types of DoS attacks, but in this paper we perform tests using TCP and UDP
floods. In a SYN flood attack, the attacker sends packets to open port 80 on the targeted
server with the help of the LOIC tool. The server responds to the received requests in order to
build the connection from client to server. The aim of a TCP flood attack is to decrease the
performance of the server. After a few seconds, clients cannot use the services. Normally, the
client requests the server to build the connection, and the client and server exchange request
and response messages: the client sends a SYN message to the server, the server sends a SYN-ACK
to the client, and the client sends an ACK to confirm the connection [5]. A UDP flood attack is a
denial-of-service (DoS) attack that uses UDP, a connectionless computer networking protocol.
UDP sends ICMP messages for connection building. I use the LOIC tool to generate the TCP and
UDP floods. This tool is used for testing purposes. GNS3 is a graphical network simulator; all
required OSes and VMs are drawn in GNS3. All scenarios and testing are done in GNS3.
I target the web server in my GNS3 network topology; the targeted web server address
is http://10.1.1.142 and it is located in my GNS3 network.
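The SYN, SYN-ACK, ACK exchange described above can be checked in a capture by counting, per source, how many connections toward port 80 never reach the final ACK. The following is an added example, not code from the paper; the packet tuples are a constructed sample shaped like an exported capture, and the client addresses and thresholds are assumptions.

```python
from collections import defaultdict

SERVER = ("10.1.1.142", 80)   # web server address and port given in the paper

def handshake_stats(packets):
    """Return {client_ip: (connections_attempted, half_open)} toward SERVER."""
    # Each packet is (time_s, src_ip, src_port, dst_ip, dst_port, flags).
    stage = {}                                # (client_ip, client_port) -> stage
    for _t, src, sport, dst, dport, flags in packets:
        if (dst, dport) == SERVER and flags == "SYN":
            stage.setdefault((src, sport), "SYN")          # step 1: client SYN
        elif (src, sport) == SERVER and flags == "SYN-ACK":
            if stage.get((dst, dport)) == "SYN":
                stage[(dst, dport)] = "SYN-ACK"            # step 2: server reply
        elif (dst, dport) == SERVER and flags == "ACK":
            if stage.get((src, sport)) == "SYN-ACK":
                stage[(src, sport)] = "ESTABLISHED"        # step 3: client ACK
    stats = defaultdict(lambda: [0, 0])
    for (ip, _port), s in stage.items():
        stats[ip][0] += 1
        stats[ip][1] += s != "ESTABLISHED"
    return {ip: tuple(v) for ip, v in stats.items()}

def flag_syn_flood(packets, min_syns=20, max_completion=0.2):
    """Sources that open many connections and complete almost none of them."""
    flagged = []
    for ip, (attempted, half_open) in handshake_stats(packets).items():
        completion = (attempted - half_open) / attempted
        if attempted >= min_syns and completion <= max_completion:
            flagged.append(ip)
    return sorted(flagged)

def constructed_capture():
    """Constructed sample: one normal client, one source that never ACKs."""
    pkts = []
    for i in range(3):                        # 10.1.1.20: three full handshakes
        p, t = 50000 + i, float(i)
        pkts += [(t, "10.1.1.20", p, *SERVER, "SYN"),
                 (t + 0.01, *SERVER, "10.1.1.20", p, "SYN-ACK"),
                 (t + 0.02, "10.1.1.20", p, *SERVER, "ACK")]
    for i in range(40):                       # 10.1.1.66: SYN only, no final ACK
        p, t = 40000 + i, 5.0 + i * 0.01
        pkts += [(t, "10.1.1.66", p, *SERVER, "SYN"),
                 (t + 0.005, *SERVER, "10.1.1.66", p, "SYN-ACK")]
    return pkts

if __name__ == "__main__":
    print(flag_syn_flood(constructed_capture()))
```

The normal client completes every handshake and stays below both thresholds, while the source that leaves every connection half-open is flagged.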

1. Web server attack from the local area network

For the first scenario, a web page is installed on the web server; for the web server I use IIS
(Internet Information Services) on Windows 7. The LOIC tool is installed on the attacker PC
for generating attacks. The attacker PC is attached directly to the web server in the local area
network. For monitoring the traffic I use Wireshark (Wireshark is an open source
packet analyzer, used for troubleshooting, analysis, traffic monitoring, results, etc.).
Wireshark is already integrated with GNS3. I use nmap (Network Mapper) for port
scanning; port 80 is open on the web server. Port 80 is a TCP port. Here is the first network
topology in my GNS3:
First, the attack was generated from a single PC. From this attack, we noticed that the page loading time
changed with a small delay. The TCP flood from a single PC was generated as a heavy flood. Therefore, we
increased the packet size, generating TCP packets on port 80. The results from this
test are shown in the figure.

It can be seen that the traffic generated from four PCs toward the web server achieved the
maximum packet size. Theoretically, I increase the size of the TCP packets; the result of
increasing the packet size is shown in the graph. When I increase the packet size, the page
takes a long time to open, and at times the web server does not respond at all. The page loading
delay increased and nothing loaded on the web page.
Next, we generate the UDP flood on the web server on port 80. UDP is a connectionless
protocol, so there is no need to open the port. Because it is connectionless, the attacker does not
need to respond to the requests.
Finally, we conclude the result of the local area network attack: after the attack, the web server
responds slowly, and after some time the web server no longer provides its services;
the delay of the web server increased and nothing was served. With UDP, the attacker easily stops the
services of the server.

2. A web server attack from the Internet using firewall and layer three switch

In this scenario I introduce the Sophos firewall into my network and provide two solutions for
controlling the attack. In the first, the attacker launches the attack from the Internet; in the other, a
local area network client attacks the web server. I use the Sophos firewall for both the local area network
and the Internet. The network diagram is shown below.
Sophos firewall is an advanced firewall with many integrated functionalities, such as web
protection, server protection, spam protection, intrusion prevention, endpoint protection, etc. To
perform tests and analyze the difference between no firewall protection and Sophos
firewall protection, I again launch the TCP and UDP floods on the web server using port 80.
The results after the attack are shown in the figure.

After the attack on the web server, the web server runs very smoothly and does not face any delay when
opening the web page. The firewall blocks all traffic that the attacker generates. The firewall
gives the attacker access to the web server, but the TCP and UDP traffic is blocked. I
launch the TCP and UDP traffic one by one to test the firewall. In the next step I generate
the attack from the local network, where the user uses the Sophos firewall as the gateway.
When the local user accesses the web server and launches the attack, the Sophos firewall
blocks the TCP and UDP traffic.
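The outcome reported above, where a source can still reach the web server while its flood is dropped, is what a per-source packet rate limit produces. The sketch below is an added example of a generic token bucket and is not Sophos's implementation or configuration; the rate, the burst size, the addresses and the traffic are constructed assumptions.

```python
def rate_limit(packets, rate_pps=10, burst=20):
    """Per-source token bucket. packets: (time_ms, src_ip) tuples in time order.

    Returns {src_ip: (passed, dropped)}. Integer milli-tokens keep the
    arithmetic exact: one packet costs 1000, refill is rate_pps per millisecond.
    """
    cap = burst * 1000
    bucket = {}                     # src_ip -> (milli_tokens, last_seen_ms)
    counts = {}                     # src_ip -> [passed, dropped]
    for t_ms, src in packets:
        tokens, last = bucket.get(src, (cap, t_ms))
        tokens = min(cap, tokens + (t_ms - last) * rate_pps)
        c = counts.setdefault(src, [0, 0])
        if tokens >= 1000:
            tokens -= 1000
            c[0] += 1               # forwarded to the web server
        else:
            c[1] += 1               # dropped at the firewall
        bucket[src] = (tokens, t_ms)
    return {src: tuple(c) for src, c in counts.items()}

def constructed_traffic():
    """Constructed sample: a browsing client and a flooding source."""
    normal = [(i * 200, "192.0.2.10") for i in range(10)]     # 5 packets/s
    flood = [(i, "198.51.100.7") for i in range(1000)]        # 1000 packets/s
    return sorted(normal + flood)

if __name__ == "__main__":
    for src, (passed, dropped) in rate_limit(constructed_traffic()).items():
        print(f"{src}: passed={passed} dropped={dropped}")
```

The browsing client never exceeds its allowance, and the flooding source keeps only its initial burst plus the refill rate, so the server sees a bounded load from it.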
IV. CONCLUSIONS
After running the attacks and scenarios, the local and Internet attacks can be seen in the results. It has been
concluded that in the local area network we are safe when we use the Sophos firewall as the
gateway, and on the Internet side we are safe when we place the firewall after the Internet. Sophos
provides a routing facility, so we use Sophos with a layer three switch. Based on my results, I
recommend that companies use Sophos and any other firewall for protection, and monitor and
check their networks on a regular basis.
In the future I will perform this on other firewalls and provide a better solution for controlling
security attacks.

REFERENCES
[1] Security TechCenter. (2014, April 8). "Microsoft Security Bulletin MS14-017
Critical". URL: https://technet.microsoft.com/en-us/library/security/MS14-017?f=255&MSPPError=-2147217396
(retrieved 4 January, 2017)
[2] C. Anley, J. Heasman, F. Lindner, G. Richarte, "The Shellcoder's Handbook:
Discovering and Exploiting Security Holes". 2007. Wiley
[3] T. Hayajneh, B. J. Mohd, A. Itradat, A. N. Quttoum, "Performance and Information Security
Evaluation with Firewalls," International Journal of Security and Its Applications, SERSC, Vol.
7, No. 6, pp. 355-372, 2013. (DOI: 10.14257/ijsia.2013.7.6.36)
[4] S. Sridhar, "Denial of Service attacks and mitigation techniques: Real time
implementation with detailed analysis", 2011, SANS Institute
[5] M. Khaled, Elleithy, "Denial of Service Attack Techniques: Analysis, Implementation and
Comparison," III SCI journal, vol. 3, no. 1, pp. 66-71
[6] Sun-young Im, Seung-Hun Shin, Ki Yeol Ryu, "Performance Evaluation of Network
Scanning Tools with Operation of Firewall," 978-1-4673-9991-3/16/$31.00 ©2016 IEEE, pp. 876-
881, 2016.
