Sufi and Burka
TITLE
NAME ID NO
1. SUFIYAN MOHAMED RU4770/12
Table of Contents
Content
Abstract
Introduction
1. DoS and DDoS Attack
1.1 The Most Common Types of DDoS Attacks
1.1.1 SYN Flood Attack
1.1.2 ICMP Flood
1.1.3 UDP Flood Attack
1.1.4 Misuse Attack
1.1.5 HTTP Flood
2. Denial of Service attack (DoS)
Buffer overflow attacks
ICMP flood
SYN flood
3. Difference between DOS and DDOS Attack
4. How to prevent a denial of service attack
5. DDoS Protection Techniques
CONCLUSIONS
Recommendation
REFERENCES
Abstract
Technology has recently become an important part of our lives, and it is employed alongside
medicine, space science, agriculture, industry and more. Storing information on servers and in
the cloud has become a requirement. It is a global force that has transformed
people's lives with the availability of various web applications that serve billions of websites
every day. However, many types of attack can target the internet, and there is a
need to recognize, classify and protect against these types of attack. Due to its important global
role, it has become important to ensure that web applications are secure, accurate, and of high
quality. One of the basic problems found on the Web is DDoS and DoS attacks. In this work, the
review classifies and delineates attack types, test characteristics, evaluation techniques,
evaluation methods and test data sets used in the proposed Strategic Strategy methodology.
Finally, this work affords guidance and possible targets in the fight to overcome
the most dangerous type of cyber-attack, the DDoS attack.
Introduction
Denial of Service (DoS) attacks on networks are numerous and potentially devastating. So far,
many types of DoS attacks have been identified, and most of them are quite effective at stopping
communication in the networks. These attacks involve either the use of a single computer or
multiple computers, called zombies. The former technique is known as a simple DoS attack and the
latter as a Distributed Denial of Service (DDoS) attack. Not only IPv4, but also the new road map
of the internet, IPv6, is quite vulnerable to DoS attacks. A number of countermeasures have been
developed to mitigate these attacks. (1)
A DoS attack is a denial of service attack where a computer is used to flood a server with TCP
and UDP packets. A DDoS attack is where multiple systems target a single system with a DoS
attack. A Denial of Service (DoS) attack is a specific category of
information warfare in which a malicious user blocks legitimate users from accessing network
services by exhausting the resources of the victim system. Without hacking the password files or
stealing sensitive data, a DoS attacker creates network congestion by generating a large volume
of traffic in the area of the targeted system. The size of the resulting overload is enough to
prevent any packet from reaching its destination. Normally, a TCP connection is established
through a three-way handshake. A client initiates a connection by sending a SYN packet to the
server. The server acknowledges the request by sending a SYN-ACK packet back to the client and
allocating space for the connection in a buffer. The client then replies with an ACK packet, and
the connection is completely established.
1. DoS and DDoS Attack
A denial-of-service (DoS) attack is a type of cyber attack in which a malicious actor aims to
render a computer or other device unavailable to its intended users by interrupting the device's
normal functioning. DoS attacks typically function by overwhelming or flooding a targeted
machine with requests until normal traffic is unable to be processed, resulting in
denial-of-service to additional users. A DoS attack is characterized by using a single computer
to launch the attack. (2)
A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the normal traffic
of a targeted server, service or network by overwhelming the target or its surrounding
infrastructure with a flood of Internet traffic.
From a high level, a DDoS attack is like an unexpected traffic jam clogging up the highway,
preventing regular traffic from arriving at its destination.
The worker receives a request, goes and gets the package, and waits for confirmation before
bringing the package out front. The worker then gets many more package requests without
confirmation until they can’t carry any more packages, become overwhelmed, and requests start
going unanswered.
This attack exploits the TCP handshake — the sequence of communications by which two
computers initiate a network connection — by sending a target a large number of TCP “Initial
Connection Request” SYN packets with spoofed source IP addresses.
The target machine responds to each connection request and then waits for the final step in the
handshake, which never occurs, exhausting the target’s resources in the process.
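The following Python sketch is an added example, not part of the original paper: it models the server-side connection buffer described above and replays a constructed packet trace through it. The backlog size, timeout and addresses are assumptions chosen for illustration.

```python
from collections import OrderedDict

BACKLOG = 4        # assumed size of the half-open (SYN received) queue
SYN_TIMEOUT = 3.0  # assumed seconds before an unanswered entry is dropped

def run_listener(packets, backlog=BACKLOG, timeout=SYN_TIMEOUT):
    """Replay (time, src, flag) tuples through a model of the server side
    of the three-way handshake and report what happened to each source."""
    half_open = OrderedDict()   # src -> time the SYN arrived (slot allocated)
    established, refused = [], []
    peak = 0
    for now, src, flag in packets:
        # Expire entries whose final ACK never arrived.
        for s, t in list(half_open.items()):
            if now - t >= timeout:
                del half_open[s]
        if flag == "SYN":
            if src in half_open:
                continue                 # retransmitted SYN, slot already held
            if len(half_open) >= backlog:
                refused.append(src)      # no buffer space left for this client
            else:
                half_open[src] = now     # server replies SYN-ACK, holds a slot
                peak = max(peak, len(half_open))
        elif flag == "ACK" and src in half_open:
            del half_open[src]           # handshake complete, slot released
            established.append(src)
    return {"established": established, "refused": refused,
            "peak_half_open": peak, "still_half_open": list(half_open)}

# Constructed trace: one client completes the handshake, then SYNs from
# documentation-range addresses (192.0.2.0/24) are never followed by an ACK.
TRACE = [
    (0.0, "198.51.100.7", "SYN"), (0.1, "198.51.100.7", "ACK"),
    (1.0, "192.0.2.1", "SYN"), (1.1, "192.0.2.2", "SYN"),
    (1.2, "192.0.2.3", "SYN"), (1.3, "192.0.2.4", "SYN"),
    (1.5, "198.51.100.8", "SYN"),   # legitimate client arrives, queue is full
    (4.5, "198.51.100.8", "SYN"),   # retry after the stale entries timed out
    (4.6, "198.51.100.8", "ACK"),
]

if __name__ == "__main__":
    print(run_listener(TRACE))
```

The legitimate client at 198.51.100.8 is refused while the queue is held by unanswered entries and only connects once they expire; a larger backlog or a shorter timeout changes that outcome.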
Figure 1. The architecture of SYN Flood Attack
Figure 4. Misuse Flood Attack Architecture
This attack is similar to pressing refresh in a web browser over and over on many different
computers at once – large numbers of HTTP requests flood the server, resulting in denial-of-
service.
Simpler implementations may access one URL with the same range of attacking IP addresses,
referrers and user agents. Complex versions may use a large number of attacking IP addresses,
and target random URLs using random referrers and user agents.
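An added detection example (not from the original paper) for the two variants described above: it groups constructed access-log lines into one-minute windows and separates a single heavy source from many light ones. The log format (Combined Log Format), the thresholds and the addresses are assumptions.

```python
import re
from collections import defaultdict

# Assumed input: Combined Log Format, e.g.
# ip - - [17/Dec/2022:10:01:05 +0000] "GET /x HTTP/1.1" 200 512 "-" "agent"
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" \d{3}')

def find_floods(lines, per_ip_limit=30, total_limit=200):
    """Return {minute: (kind, sources, distinct_urls)} for suspicious minutes.
    Both limits are assumed thresholds; derive real ones from a baseline."""
    windows = defaultdict(lambda: defaultdict(list))  # minute -> ip -> [url]
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue                      # not in the expected format
        ip, ts, url = m.groups()
        windows[ts[:17]][ip].append(url)  # ts[:17] is "dd/Mon/yyyy:HH:MM"
    report = {}
    for minute, by_ip in windows.items():
        total = sum(len(urls) for urls in by_ip.values())
        distinct = len({u for urls in by_ip.values() for u in urls})
        heavy = sorted(ip for ip, urls in by_ip.items()
                       if len(urls) > per_ip_limit)
        if heavy:                  # simple variant: few sources, high rate each
            report[minute] = ("per-ip", heavy, distinct)
        elif total > total_limit:  # complex variant: many sources, low rate each
            report[minute] = ("aggregate", len(by_ip), distinct)
    return report

def constructed_log():
    """Three minutes of made-up traffic using documentation address ranges."""
    fmt = ('{ip} - - [17/Dec/2022:10:{m:02d}:{s:02d} +0000] '
           '"GET {url} HTTP/1.1" 200 512 "-" "{ua}"')
    # 10:00 ordinary traffic from five clients
    log = [fmt.format(ip=f"198.51.100.{i}", m=0, s=i, url="/", ua="browser")
           for i in range(1, 6)]
    # 10:01 one address repeating one URL with one user agent
    log += [fmt.format(ip="192.0.2.10", m=1, s=i, url="/search", ua="agent-a")
            for i in range(50)]
    # 10:02 250 addresses, one request each, varying URL and user agent
    log += [fmt.format(ip=f"203.0.113.{i}", m=2, s=i % 60, url=f"/p/{i}",
                       ua=f"agent-{i}") for i in range(1, 251)]
    return log

if __name__ == "__main__":
    for minute, finding in sorted(find_floods(constructed_log()).items()):
        print(minute, finding)
```

A per-address limit alone catches only the simple variant; the 10:02 window is visible only through the aggregate count and the spread of distinct URLs.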
DoS attacks often target the web servers of high-profile organizations such as banking,
commerce, and media companies, or government and trade organizations. Though DoS attacks
do not typically result in the theft or loss of significant information or other assets, they can cost
the victim a great deal of time and money to handle.
There are two general methods of DoS attacks: flooding services or crashing services. Flood
attacks occur when the system receives too much traffic for the server to buffer, causing it to
slow down and eventually stop. Popular flood attacks include:
Buffer overflow attacks – the most common DoS attack. The concept is to send more traffic to
a network address than the programmers have built the system to handle. It includes the attacks
listed below, in addition to others that are designed to exploit bugs specific to certain
applications or networks.
ICMP flood – leverages misconfigured network devices by sending spoofed packets that ping
every computer on the targeted network, instead of just one specific machine. The network is
then triggered to amplify the traffic. This attack is also known as the smurf attack or ping of
death.
SYN flood – sends a request to connect to a server, but never completes the handshake.
This continues until all open ports are saturated with requests and none are available for
legitimate users to connect to.
No. | DoS | DDoS
1 | The full form of DOS is Denial of service attack. | The full form of DDOS is Distributed Denial of service attack.
2 | Here, a single system attacks the victim’s computer. | In the case of DDOS, several systems target the victim’s system.
3 | This is slower than DDOS attacks. | This is faster than a DOS attack.
6 | These attacks are easy to trace. | These attacks are hard to trace.
Create a DoS response plan that covers all the aspects of handling an attack, including
communication, mitigation, and recovery.
Improve your network security and strengthen your overall security posture by installing
antivirus and anti-malware software and setting up a firewall that monitors and manages
incoming traffic.
Sign up for a DoS protection service (intrusion detection system) that filters and redirects
malicious traffic and can spot known attack signatures.
Consider introducing network segmentation to separate systems into separate subnets and avoid
flooding the whole network.
Assess your security settings and practices and introduce improvements where necessary.
CONCLUSIONS
These methods provide a strong defense against malicious hosts in the network: they
easily identify attacker hosts by the nature of their traffic and block all traffic from
them. Client puzzles give the advantage of validating suspected hosts in order to
confirm whether a suspected host belongs to an attacker or to a legitimate user. Pushback helps
to outsource the client puzzle workload to the upstream router, which helps to decrease the
processing workload on the intelligent router. Using the proposed work, the attacker traffic is
effectively blocked at the edge routers, and hence attacks causing denial of service can be
identified in advance and fended off successfully.
Recommendation
We recommend dropping malformed and spoofed packets as early as possible. Rate limit your
router to prevent volumetric DDoS attacks. Set lower thresholds for SYN, ICMP, and UDP
floods. Establish a botnet detection system to detect botnet activity as early as possible.
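One way to apply per-protocol thresholds like those recommended above, as an added Python example that is not from the original paper: a token bucket per traffic class polices a constructed one-second trace. The values in LIMITS are assumed for illustration, not thresholds given by the paper.

```python
class TokenBucket:
    """Allow `rate` packets per second with bursts of up to `burst`."""
    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), 0.0  # trace time starts at 0

    def allow(self, now):
        # Refill for the elapsed time, capped at the burst size.
        elapsed = now - self.last
        self.tokens = min(self.burst, self.tokens + elapsed * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False

# Assumed per-class thresholds as (packets per second, burst).
LIMITS = {"SYN": (5, 5), "ICMP": (2, 2), "UDP": (10, 10)}

def police(packets, limits=LIMITS):
    """packets: iterable of (time, kind). Returns {kind: [passed, dropped]}."""
    buckets = {k: TokenBucket(*v) for k, v in limits.items()}
    stats = {k: [0, 0] for k in limits}
    for now, kind in packets:
        if kind not in buckets:
            continue  # traffic classes without a limit are not policed here
        stats[kind][0 if buckets[kind].allow(now) else 1] += 1
    return stats

def constructed_trace():
    """One second of made-up traffic: 100 ICMP echo requests (flood-like),
    plus 4 SYNs and 8 UDP datagrams at ordinary rates."""
    pkts = [(i / 100, "ICMP") for i in range(100)]
    pkts += [(i / 4, "SYN") for i in range(4)]
    pkts += [(i / 8, "UDP") for i in range(8)]
    return sorted(pkts)

if __name__ == "__main__":
    print(police(constructed_trace()))
```

Only the class that exceeds its threshold loses packets; the SYN and UDP traffic at ordinary rates passes untouched, which is the reason for keeping one bucket per class rather than one for the whole link.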
REFERENCES
1. Denial-of-Service Attack. ScienceDirect. [Online] [Cited: December 17, 2022.]
https://www.sciencedirect.com/topics/engineering/denial-of-service-attack.
3. SYN Attack. Techopedia. [Online] [Cited: December 17, 2022.]
https://www.techopedia.com/definition/4134/syn-attack.