DDoS Attack Mitigation
Distributed Denial of Service (DDoS) attacks have been causing internet disruption for years. Their types and frequency have evolved over time (The Growing Threat, 2012). Originally, multiple machines would ping a target machine and exhaust its resources. Then attackers started to use the TCP handshake as an attack medium: they would request so many connections that none were left for legitimate users. Now DDoS attacks are hitting at the application level.
A DDoS attack at the application layer is very difficult to detect. The attack consumes less bandwidth than other DDoS attacks and targets very specific protocols. Some of the protocols attacked are HTTP, used for connecting to web pages; DNS, used for turning a web address into an IP address; and SMTP, used for email transfer (The Growing Threat, 2012). Because they exploit well-known and frequently used protocols, these attacks easily bypass normal traffic inspectors. The web protocols must be open on the firewall and IDS, because if they weren’t, normal web traffic would not go through, and the internet would be useless for everyone. In order to mitigate this issue and still have connectivity, there are two things the University can do.
First, the IT staff can deploy a Host-based Intrusion Prevention System (HIPS). It will be deployed to all of the University computers and centrally managed by a server in the data center. A HIPS looks at traffic and uses behavioral analysis to prevent attacks: it flags traffic or system functions that are not normal. It builds a baseline by observing normal traffic patterns and usage, and if the computer starts to stray from this baseline, it alerts the administrator (Chee, 2008).
The benefits of installing a HIPS are large. This will protect the computers running on the…...

...Junos® OS DDoS Protection Configuration Guide Release 11.2 Published: 2011-05-11 Copyright © 2011, Juniper Networks, Inc. Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, California 94089 USA 408-745-2000 www.juniper.net This product includes the Envoy SNMP Engine, developed by Epilogue Technology, an Integrated Systems Company. Copyright © 1986-1997, Epilogue Technology Corporation. All rights reserved. This program and its documentation were developed at private expense, and no part of them is in the public domain. This product includes memory allocation software developed by Mark Moraes, copyright © 1988, 1989, 1993, University of Toronto. This product includes FreeBSD software developed by the University of California, Berkeley, and its contributors. All of the documentation and software included in the 4.4BSD and 4.4BSD-Lite Releases is copyrighted by the Regents of the University of California. Copyright © 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994. The Regents of the University of California. All rights reserved. GateD software copyright © 1995, the Regents of the University. All rights reserved. Gate Daemon was originated and developed through release 3.0 by Cornell University and its collaborators. Gated is based on Kirton’s EGP, UC Berkeley’s routing daemon (routed), and DCN’s HELLO routing protocol. Development of Gated has been supported in part by the National Science Foundation. Portions of the GateD software......

...FNT1 Task1 Western Governors University FNT1 Task1 | Financial condition of Company G memo | Introduction: Below is a business memorandum to the CEO of Company G. Below is a chart that fully meets the expectations of the task that was given. Each ratio is explained, and the formulas used are listed along with the ratio finding. 1. That information is used to understand our current trend and whether it indicates a strength, a weakness, or no concern. A final justification of the identification of each ratio or trend as a strength, weakness, or no concern is given. 2. No outside sources were used to find the industry data quartiles, because those numbers were already given on the attached “Statement Analysis Template Sheet”, and we have assumed that the facts are current.
| Ratio and what it measures | Formula for calculating | Current ratio finding for year 12 | Year 11 | Industry data quartiles | Up or down from last year | Indication and justification |
| Current ratio: measures a company's ability to pay its current liabilities with its current assets | Current Assets / Current Liabilities | 1.77 | 1.86 | 3.1 (top) / 2.1 (middle) / 1.4 (lowest) | Decreasing | Weakness. The reason this is marked as a weakness is that it falls below the top industry quartile of 3.1 and the middle industry quartile of 2.1. The 1.77 is above the lowest quartile of 1.4, but since this time last year the company's current ratio was 1.86, this shows a decline and therefore, based on all the information given, must be...... |

...Hacking Countermeasures & Techniques Distributed Denial of Service (DDoS) Best Practices Guide to Counter DDoS attacks: This guide will cover best practices to counter DDoS attacks like the attack on the University's Registration System Server (RSS) by infected computers (bots). The attack by rogue software installed on computers located in University computer labs resulted in the shutdown of web access to the RSS system. Coordinated by a central controller, these bots established web connections (HTTP protocol) to the RSS, using up all available bandwidth. This prevented students from accessing the web site/server for legitimate traffic during the attack. (Schifreen, R. (2006)) This is considered a Consumption of Resources attack, using up all of the RSS bandwidth. (Specht, S. M., & Lee, R. B. (2004)) These best practices would help prevent and/or reduce the effects of such attacks. Industry best practices to counter DDoS attacks start with documentation that addresses procedures to be followed before, during, and after an attack. (Schifreen, R. (2006)) The establishment of a Security Incident Response Team (SIPT) trained to react to incidents reduces the damage and duration of outages. Best practices include: training, network configuration, patch management, access control lists, encryption, intrusion detection, intrusion prevention, and traffic shaping. (Cunningham, B, Dykstra, T, Fuller, E, Gatford, C, Gold, A, Hoagberg, M, Hubbard, A, Little, C, Manzuik, S,...

...victim Victim Figure 1.1 Structure of a typical DDoS attack the most difficult to prevent. A large-scale modification of the same attack is the distributed denial of service attack [1]. 1.3 DISTRIBUTED DENIAL OF SERVICE ATTACKS A distributed denial of service (DDoS) attack is a coordinated attack on the availability of services of a given target system or network that is launched indirectly through many compromised computing systems. The services under attack are those of the “primary victim”, while the compromised systems used to launch the attack are often called the “secondary victims.” The use of secondary victims in a DDoS attack gives the attacker the ability to wage a much larger and more disruptive attack while remaining anonymous, since the secondary victims actually perform the attack, making it more difficult for network forensics to track down the real attacker. A typical DDoS attack architecture is shown in Figure 1.1. In February of 2000, one of the first major DDoS attacks was waged against Yahoo.com, keeping it off the Internet for about 2 hours and costing it lost advertising revenue. More recently, attackers used a series of DDoS attacks against a variety of companies providing anti-spam services. These attacks caused many of them to shut down their services. DDoS attacks are relatively new and not well understood. Flood attacks are also a form of this type of attack. One of the common DDoS flood attacks is the SYN flood attack......

...Recent Denial of Service Summary & Recommendations “DoS (Denial of Service) attacks target network bandwidth or connectivity. Bandwidth attacks overflow the network with a high volume of traffic using existing network resources, thus depriving the legitimate users of these resources. Connectivity attacks overflow a computer with a large amount of connection requests, consuming all available operating system resources so that the computer cannot process legitimate user's requests.” (EC-COUNCIL 6-3) Our network has suffered a type of DoS attack that was carried out by many computers throughout the campus network; this is called a Distributed Denial of Service (DDoS), that is, a DoS attack initiated by many computers. Our systems were attacked by computers owned by the school, and the attack was carried out using computers on the internal network. The computers were compromised by an individual (or group of individuals) who gained access to the network by using a network administrator’s password. This password was obtained by a piece of software that logs key presses on the computers. They then used the password to install a piece of software with administrative privileges. That piece of software is what brought down the registration server. The attacking software asked the registration server for a webpage over and over again. Each request was made from a different port on the individual computers, and the server attempted to fulfill each request....


...NMCI Best Practices for Internal DDoS Attacks 2013 What is a DDoS? A Distributed Denial of Service, DDoS, is an attack which is implemented to take down a server and make it unavailable to legitimate users. This attack can be very costly, as it suspends services and causes a break in connection to the internet. The reason this attack is called ‘Distributed’ is that a large number of computers are used to overwhelm the web servers. These computers are called bots or slaves. They are controlled by one computer, which is called the master or handler. The master sends a command to the bots that will cause an attack. In this case, the master sent a command to flood the web server with fake traffic, which causes the server to become unreachable. Most of the time, the attack comes from an external source. The attack on the university’s web server originated within the school's network. A password sniffer was used to capture an Administrator password. The password allowed the attacker to have elevated privileges. This allowed the bots to be controlled and the attacker to do whatever he or she wanted to do. In this case, the attacker chose to bring down the registration system. Best Practices to Prevent Internal DDoS There are several measures that can be taken to prevent DDoS. This guide will focus on steps to prevent these attacks from......

...I believe the worst kind of cyber-attack is a DDoS attack. I believe this is the worst attack because it can substantially damage a company’s reputation, and can be extremely expensive to recover from. For instance, “Over 80 per cent of respondents from the world of financial services placed their losses at over £6,000 per hour and in retail, nearly 70 per cent of respondents say outages would hit them to the tune of £63,545 an hour, in excess of £1,270,890 a day” (Swearingen, 2009). Also, it is not that expensive or hard for an attacker to implement a DDoS attack. For example, “For as little as £43 per day, you can also rent a botnet, an adhoc computer network that can be used to amplify attacks” (Swearingen, 2009). “There are now over 50 different tools capable of mounting a successful DDoS attack, and new tools are being developed every day” (Swearingen, 2009). It is common for a DDoS attack to be used against major banks. I found an article about how a DDoS was used to distract the banks from fraudulent activities. Usually this type of attack is meant for bringing down websites, which also still does a lot of damage to reputation and revenue. However, this attack was different, and it was used to distract bank employees from the fraudulent behavior. After the attackers gained access to the banking systems, they were able to change the maximum amount of wire transfers, and were able to make a huge number of transfers without being detected. They could have been......


...A Secure Intrusion detection system against DDOS attack in Wireless Mobile Ad-hoc Network Abstract: A wireless mobile ad-hoc network (MANET) is an emerging technology and has great strength to be applied in critical situations like battlefields and in commercial applications such as building and traffic surveillance. A MANET is infrastructure-less, with no centralized controller, and each node contains routing capability. Each device in a MANET is independently free to move in any direction, and will therefore change its connections to other devices frequently. So one of the major challenges wireless mobile ad-hoc networks face today is security, because no central controller exists. MANETs are a kind of wireless ad hoc network that usually has a routable networking environment on top of a link layer ad hoc network. Ad hoc networks also include wireless sensor networks, so the problems faced by sensor networks are also faced by MANETs. Deploying sensor nodes in an unattended environment increases the chances of various attacks. There are many security attacks in MANETs, and DDoS (Distributed denial of service) is one of them. Our main aim is to see the effect of DDoS on routing load, packet drop rate, and end-to-end delay, i.e. their increase due to the attack on the network. With these parameters and many more, we also build a secure IDS ......

...21 Nov 2011 Defense Against Denial of Service (DoS) Attacks A. University Network Diagram illustrates nature of DDoS attack in Red [Network diagram: Cisco 2517 router and BayStack 5520-48T-PWR switches; port, speed and link/activity labels from the device images omitted] ...

...Brandon Moore LOT2 Task 1 09/14/2011 Diagram Below is a diagram which illustrates how the attack overwhelmed the Web Server. Executive Summary The attack performed on the network had the intention of making the online services provided to students unusable during a critical time of need for those systems. The attack was first performed by acquiring the Administrator password for the systems and then using each system to perform a large quantity of requests for service to the web servers. By dissecting what occurred, steps can be put in place to prevent such an attack in the future. This attack can be summarized in a few bullets:
- The attacker was allowed to install software without having Administrator rights.
- The software used sniffed out the Administrator password, either via the wire or possibly through keystroke logging.
- Each client computer was able to send a large number of HTTP requests to the web server.
- The web server accepted and processed each request.
To begin with, it needs to be made mandatory that users on a machine cannot install new software on that machine. Instead, each machine should be preloaded with the tools that a typical student would need to perform their work. In addition, a file monitoring program, such as Tripwire, can be used to detect and notify if any changes have occurred to files or entire folders that shouldn't experience any changes. Next, if the software installed did...


...Running head: Best Practice Guide Best Practice Guide for a DDoS Attack WGU – LOT2 Hacking Task 2 Abstract This paper will accompany a PowerPoint presentation about best practices for preventing a DDoS attack. This will be the best practice guide and will mention and elaborate on all of the points in the slideshow. Best Practice Guide for a DDoS Attack It is important to have a plan in place when dealing with a DDoS attack. This guide will serve as the best practice guide for the university. Outlined below are some of the best practices to help prevent a DDoS attack, which will be followed by the university. The first thing that the university needs to do is create a response plan and practice the plan over and over. The worst thing that could happen is that a DDoS attack starts to occur and nobody knows what to do or what their role is in stopping the attack. A team must be formed, and assignments can be broken down between team members to divide and conquer the attack. It is better to have five different people working on five different tasks or ways to stop the attack instead of five people working on one. The best way to understand the attack is to attack yourself and find the weak spots. Performing a vulnerability assessment on your network will give you a better understanding of how your network functions and where you can find single points of failure. Redundancy is being able to still continue......

... Recently the university web-based registration system was the subject of a DDoS (Distributed Denial of Service) attack. This type of attack is characterized by flooding the target system(s) with more network traffic than it can process, thereby forcing the system offline or limiting its ability to respond to legitimate traffic to a negligible level. It is different from a DoS (Denial of Service) in that multiple computers (potentially thousands) are used to increase the amount of traffic sent to the victim. The result of the recent attack was the complete shutdown of the web registration server and the inability of any student to register for classes for approximately 24 hours. It was further determined that the attack originated from inside our internal network; no evidence has been found that an outside attack was able to penetrate our protective layers. To that end, we have compiled a report detailing proposed protective measures that may help prevent such attacks in the future. The investigation determined that the attacker was able to obtain an administrator-level password using a password-sniffing application. These applications scan network traffic and pick out username and password combinations. It is believed that since this software was deployed on a large section of our computers, it was simply a matter of time before it detected a password used by our Information Systems staff. Once the password was obtained by the attacker, he/she was then able to log......

...issues like Denial of Service (DoS), Cross Site Scripting (XSS), Authentication Bypass, etc. These attacks can cause millions in losses for the organization. Therefore, effective and efficient security software solutions are required so that these attacks can be prevented well in advance. In this report, a solution is proposed for Advanced Research Company so that it can defend against potential DoS and DDoS attacks. With the rising competition and being in the limelight, the company has painted itself as a target for its competitors. There have been some scenarios in the past when an attempt was made to compromise the information of the company. GoldenEye software is used for describing the mentioned case. The software will help to identify the DoS attacks. Brief overview of DoS and DDoS attacks Denial of Service is an attack which disrupts the normal functionality of an information system. The source of the attack may be local or global. Its main aim is the disruption of services so that the targeted service will be unavailable for the users. The DDoS attack is a type of DoS attack. In this attack, a large number of hosts are utilized to accomplish the required attack. There can be thousands of hosts involved in this task, and they are also known as “bots” or “zombies”. These attacks are of a multi-dimensional type because they vary depending on their mode & target (Hudaib). Executive Proposal GoldenEye is a straightforward DoS attacking......

...DDOS prevention capabilities of Appcito CAFÉ Prepare, detect and mitigate DDoS attacks Introduction Consumers today use a wide variety of applications and smart devices to access information, make transactions and conduct business online. In addition, many enterprises have in-house applications that are used by employees to complete tasks and projects. Almost all of these applications are deployed on the cloud because it offers a host of advantages. The cloud offers real-time, elastic service with the option to pay as you use. But hosting the applications on the cloud also increases the possibility of attacks by malicious hackers. Most of these attacks are in the form of DDoS (distributed denial-of-service). Virtually no industry has been spared from DDoS attacks. Such attacks prevent customers and business users from accessing applications. In a world where time is money, any application downtime is sure to affect businesses negatively. These costs range from financial losses and lost business opportunities to poor productivity. Internet and the OSI model At the heart of the cloud is the internet. Or, in other words, the cloud is an extension of the internet. The internet is a complex network connecting computers across the globe for easy transmission of data and information. This complexity arises because there are different types of hardware and software working in unison. In addition, the rapid proliferation and adoption of new technologies has......

...Cloud Based DDoS Mitigation If you can afford it, ensure that your Internet Service Provider gives you a clean pipe using cloud-based DDoS mitigation. If you use multiple links, ensure that both links are protected. There is always a significant amount of residual DDoS traffic that will flow through. That's why you need a DDoS mitigation system in your network to handle the remainder of the attack. IntruGuard helps cloud service providers with solutions for DDoS attack mitigation as well. If your service provider doesn't provide DDoS attack mitigation services, you must take care of your own network to avoid collateral and other damage. Edge Router Access Control Lists Access lists in the router can be used to block certain addresses, if such addresses can be known a priori. But websites open to the public are, by nature, open to connections from individual computers, which are exactly the agents hackers use to initiate attacks. Robust edge routers provide a robust data center infrastructure. They are the key to a solid foundation. Their high performance lets them sustain large DDoS attacks without performance loss. Juniper Routers provide the ability to perform packet filtering and black-hole routing combined with Traffic Flow Filtering capability. Data center administrators today use primarily two methods to mitigate attacks once they have been discovered by the NOC: packet filters and black-hole routing. Packet filters, also referred to as firewall filters or......

