Sufi and Burka


MATTU UNIVERSITY

COLLEGE OF ENGINEERING AND TECHNOLOGY

DEPARTMENT OF COMPUTER SCIENCE

COMPUTER SECURITY ASSIGNMENT

TITLE

DoS and DDoS Attack

NAME ID NO
1. SUFIYAN MOHAMED RU4770/12

2. BURKA ABDI RU4772/12

Submitted to: Mrs Naol G.

Table of Contents

Abstract
Introduction
1. DoS and DDoS Attack
1.1 The Most common types of DDoS Attacks
1.1.1 SYN Flood Attack
1.1.2. ICMP Flood
1.1.3. UDP Flood Attack
1.1.4. Misuse Attack
1.1.5. HTTP Flood
2. Denial of Service attack (DoS)
Buffer overflow attacks
ICMP flood
SYN flood
3. Difference between DOS and DDOS Attack
4. How to prevent a denial of service attack
5. DDoS Protection Techniques
CONCLUSIONS
Recommendation
REFERENCES

Abstract
Technology has recently become an important part of our lives, and it is used together with
medicine, space science, agriculture, industry and more. Storing information on servers and in
the cloud has become a requirement. The Web is a global force that has transformed people's
lives through the availability of various web applications that serve billions of websites
every day. However, many types of attack can target the internet, and there is a need to
recognize, classify and protect against these types of attack. Due to its important global role,
it has become important to ensure that web applications are secure, accurate, and of high quality.
One of the basic problems found on the Web is DDoS and DoS attacks. This review classifies and
delineates attack types, test characteristics, evaluation techniques, evaluation methods and test
data sets used in the proposed Strategic Strategy methodology. Finally, this work offers guidance
and possible targets in the fight to overcome the most dangerous type of cyber-attack, the DDoS
attack.

Introduction
Denial of Service (DoS) attacks on networks are numerous and potentially devastating. So far,
many types of DoS attack have been identified, and most of them are quite effective at stopping
communication in a network. These attacks involve the use of either a single computer or
multiple computers, called zombies. The former technique is known as a simple DoS attack and the
latter as a Distributed Denial of Service (DDoS) attack. Not only IPv4 but also the new road map
of the internet, IPv6, is quite vulnerable to DoS attacks. A number of countermeasures have been
developed to mitigate these attacks. (1)

A DoS attack is a denial of service attack in which a computer is used to flood a server with TCP
and UDP packets. A DDoS attack is one in which multiple systems target a single system with a DoS
attack. A Denial of Service (DoS) attack is a specific category of information warfare in which a
malicious user blocks legitimate users from accessing network services by exhausting the
resources of the victim system. Without hacking password files or stealing sensitive data, a DoS
attacker creates network congestion by generating a large volume of traffic in the area of the
targeted system. The resulting overload is large enough to prevent any packet from reaching its
destination. Normally, a TCP connection is established through a three-way handshake. A client
initiates a connection by sending a SYN packet to the server. The server acknowledges the request
by sending a SYN-ACK packet back to the client and allocating space for the connection in a
buffer. The client then replies with an ACK packet, and the connection is completely established.

1. DoS and DDoS Attack
A denial-of-service (DoS) attack is a type of cyber attack in which a malicious actor aims to
render a computer or other device unavailable to its intended users by interrupting the device's
normal functioning. DoS attacks typically function by overwhelming or flooding a targeted
machine with requests until normal traffic is unable to be processed, resulting in
denial-of-service to additional users. A DoS attack is characterized by using a single computer
to launch the attack. (2)

A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the normal traffic
of a targeted server, service or network by overwhelming the target or its surrounding
infrastructure with a flood of Internet traffic.

DDoS attacks achieve effectiveness by utilizing multiple compromised computer systems as
sources of attack traffic. Exploited machines can include computers and other networked
resources such as IoT devices.

From a high level, a DDoS attack is like an unexpected traffic jam clogging up the highway,
preventing regular traffic from arriving at its destination.

1.1 The Most common types of DDoS Attacks

1.1.1 SYN Flood Attack


A SYN attack occurs when a system is hit by SYN packets that initiate incomplete connection
requests, until it can no longer satisfy actual connection requests, resulting in denial of
service (DoS). Figure 1 below shows the SYN flood design. A SYN flood is analogous to a worker in
a supply room receiving requests from the front of the store. (3)

The worker receives a request, goes and gets the package, and waits for confirmation before
bringing the package out front. The worker then gets many more package requests without
confirmation until they can’t carry any more packages, become overwhelmed, and requests start
going unanswered.

This attack exploits the TCP handshake — the sequence of communications by which two
computers initiate a network connection — by sending a target a large number of TCP “Initial
Connection Request” SYN packets with spoofed source IP addresses.

The target machine responds to each connection request and then waits for the final step in the
handshake, which never occurs, exhausting the target’s resources in the process.

Figure 1. The architecture of SYN Flood Attack
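
The handshake and the SYN flood described above can be observed from the server side by counting handshakes that received a SYN but never the final ACK. The Python code below is an added example, not part of the original assignment; the packet records, the addresses, the 30-second timeout and the threshold of 100 are constructed assumptions.

```python
from collections import defaultdict

def half_open_peaks(packets, timeout_ms=30000):
    """Return {server: peak number of simultaneously half-open handshakes}.

    packets: (time_ms, client, server, flag) as seen at the server, where
    client is (ip, port) and flag is "SYN" or "ACK" (the client's final ACK).
    """
    pending = defaultdict(dict)          # server -> {client: time the SYN arrived}
    peaks = defaultdict(int)
    for t, client, server, flag in sorted(packets):
        table = pending[server]
        # Drop entries the server would already have timed out.
        for c in [c for c, t0 in table.items() if t - t0 > timeout_ms]:
            del table[c]
        if flag == "SYN":
            table[client] = t            # buffer space allocated, SYN-ACK sent
        elif flag == "ACK":
            table.pop(client, None)      # handshake completed, entry released
        peaks[server] = max(peaks[server], len(table))
    return dict(peaks)

def flag_syn_flood(packets, threshold, timeout_ms=30000):
    """Servers whose half-open table ever grew beyond the threshold."""
    peaks = half_open_peaks(packets, timeout_ms)
    return sorted(s for s, peak in peaks.items() if peak > threshold)

def constructed_trace():
    """Constructed sample traffic (documentation address ranges), not a capture."""
    packets = []
    # 20 ordinary clients of 192.0.2.10: SYN, then the final ACK 50 ms later.
    for i in range(20):
        client = ("198.51.100.%d" % (i + 1), 40000 + i)
        packets.append((i * 1000, client, "192.0.2.10", "SYN"))
        packets.append((i * 1000 + 50, client, "192.0.2.10", "ACK"))
    # 192.0.2.20 sees 200 SYNs in two seconds and no final ACK for any of them.
    for i in range(200):
        client = ("203.0.113.%d" % (i % 250 + 1), 1024 + i)
        packets.append((5000 + i * 10, client, "192.0.2.20", "SYN"))
    return packets

if __name__ == "__main__":
    print(half_open_peaks(constructed_trace()))
    print(flag_syn_flood(constructed_trace(), threshold=100))
```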

1.1.2. ICMP Flood


ICMP flooding occurs when ICMP overloads a system with so many repeated echo requests that the
system expends all of its resources on them until legitimate traffic can no longer be processed.
With ICMP flood protection enabled, administrators can set a threshold that triggers the
protection once it is exceeded.

Figure 2. ICMP Flood Attack

1.1.3. UDP Flood Attack


As with the ICMP flood, a UDP flood occurs when UDP packets are sent to tie up the system until it
can no longer process valid, legitimate connections. With UDP flood protection enabled,
administrators can define a threshold that triggers protection against UDP flood attacks once it
is exceeded. The architecture of the UDP attack is presented in the figure below.

Figure 3. The Architecture of UDP Flood

1.1.4. Misuse Attack


A misuse attack is an emerging type of flooding attack. It consumes network resources,
especially resources that cannot be shared between multiple users or that can be shared only
among a limited number of users. In this attack the attacker takes the resources away from other
users and uses them for its own benefit without sharing them. This attack usually causes a
bottleneck problem, which leads to service delays or even service outages in the NFV network.

Figure 4. Misuse Flood Attack Architecture

1.1.5. HTTP Flood


In an HTTP flood DDoS attack, the attacker exploits seemingly-legitimate HTTP GET or POST
requests to attack a web server or application. HTTP floods do not use malformed
packets, spoofing or reflection techniques, and require less bandwidth than other attacks to bring
down the targeted site or server. The attack is most effective when it forces the server or
application to allocate the maximum resources possible in response to every single request.

This attack is similar to pressing refresh in a web browser over and over on many different
computers at once – large numbers of HTTP requests flood the server, resulting in denial-of-
service.

This type of attack ranges from simple to complex.

Simpler implementations may access one URL with the same range of attacking IP addresses,
referrers and user agents. Complex versions may use a large number of attacking IP addresses,
and target random URLs using random referrers and user agents.
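
The simple variant described above leaves a recognizable trace in a web server access log: many addresses sending the identical URL, referrer and user agent. The Python code below is an added example, not part of the original assignment; the log lines, host names and the limits of 100 requests and 10 addresses are constructed assumptions, and the complex variant with random values does not match this check.

```python
import re
from collections import defaultdict

# Combined log format: ip - - [time] "METHOD url proto" status size "referrer" "agent"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<url>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"')

def repeated_fingerprints(lines, min_requests=100, min_ips=10):
    """Return [(url, referrer, agent, requests, distinct_ips)] for groups in
    which many different addresses send exactly the same request."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if m:                                  # ignore lines in another format
            hits[(m["url"], m["ref"], m["ua"])].append(m["ip"])
    return sorted(
        (url, ref, ua, len(ips), len(set(ips)))
        for (url, ref, ua), ips in hits.items()
        if len(ips) >= min_requests and len(set(ips)) >= min_ips)

def log_line(ip, url, ref, ua):
    """Build one constructed access log line."""
    return ('%s - - [17/Dec/2022:10:00:00 +0000] "GET %s HTTP/1.1" 200 512 "%s" "%s"'
            % (ip, url, ref, ua))

def constructed_log():
    """Constructed sample log, not taken from a real server."""
    lines = []
    # Ordinary browsing: different pages and different browsers.
    for i in range(30):
        lines.append(log_line("198.51.100.%d" % (i + 1), "/page/%d" % (i % 5),
                              "-", "Browser/%d.0" % (i % 7)))
    # Simple flood pattern: 40 addresses, one URL, one referrer, one user agent.
    for i in range(400):
        lines.append(log_line("203.0.113.%d" % (i % 40 + 1), "/search",
                              "http://example.test/", "AgentX/1.0"))
    return lines

if __name__ == "__main__":
    for row in repeated_fingerprints(constructed_log()):
        print(row)
```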

2. Denial of Service attack (DoS)


 A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network,
making it inaccessible to its intended users. DoS attacks accomplish this by flooding the target
with traffic, or sending it information that triggers a crash. In both instances, the DoS attack
deprives legitimate users (i.e. employees, members, or account holders) of the service or
resource they expected.

Victims of DoS attacks are often the web servers of high-profile organizations such as banking,
commerce, and media companies, or government and trade organizations. Though DoS attacks
do not typically result in the theft or loss of significant information or other assets, they can cost
the victim a great deal of time and money to handle.

There are two general methods of DoS attacks: flooding services or crashing services. Flood
attacks occur when the system receives too much traffic for the server to buffer, causing it to
slow down and eventually stop. Popular flood attacks include:

Buffer overflow attacks – the most common DoS attack. The concept is to send more traffic to
a network address than the programmers have built the system to handle. It includes the attacks
listed below, in addition to others that are designed to exploit bugs specific to certain
applications or networks.

ICMP flood – leverages misconfigured network devices by sending spoofed packets that ping
every computer on the targeted network, instead of just one specific machine. The network is
then triggered to amplify the traffic. This attack is also known as the smurf attack or ping of
death.

SYN flood – sends a request to connect to a server, but never completes the handshake.
Continues until all open ports are saturated with requests and none are available for legitimate
users to connect to.

3. Difference between DOS and DDOS Attack


S.No. | DOS | DDOS
1 | The full form of DOS is Denial of service attack. | The full form of DDOS is Distributed Denial of service attack.
2 | Here, a single system attacks the victim’s computer. | In the case of DDOS, several systems target the victim’s system.
3 | This is slower than DDOS attacks. | This is faster than a DOS attack.
4 | Target PC is crowded from the packet of data transmitted from a single zone. | Target PC is crowded from the packet of data transmitted from numerous locations.
5 | It is easy to block because only a single system is operated here. | It is difficult to block because numerous devices are included in this attack.
6 | These attacks are easy to trace. | These attacks are hard to trace.
7 | Volume of traffic here is less as compared to DDOS attacks. | The volume of traffic is massive here

4. How to prevent a denial of service attack


Denial of service attacks cannot be entirely prevented, but there are ways in which you can
prepare to reduce their effect. Proactive steps which you can take include:

Create a DoS response plan that covers all the aspects of handling an attack, including
communication, mitigation, and recovery.

Improve your network security and strengthen your overall security posture by installing
antivirus and anti-malware software and setting up a firewall that monitors and manages
incoming traffic.

Sign up for a DoS protection service (intrusion detection system) that filters and redirects
malicious traffic and can spot known attack signatures.

Consider introducing network segmentation to separate systems into separate subnets and avoid
flooding the whole network.

Assess your security settings and practices and introduce improvements where necessary.

5. DDoS Protection Techniques


Reduce Attack Surface Area. ...

Know what is normal and abnormal traffic. ...

Deploy Firewalls for Sophisticated Application attacks.

Set up a DDoS Response Plan.

Fortify the Network Security Systems and Infrastructure.

Monitor Your Network Traffic.

Use Multiple Servers and Cloud Protection.

Implement Best Security Practices.

Perform Security Asses

CONCLUSIONS
These methods provide a strong defense against malicious hosts in the network: they easily
identify attacker hosts by the nature of their traffic and block all traffic from the attacker
hosts. Client puzzles make it possible to validate suspected hosts in order to confirm whether a
suspected host belongs to an attacker or to a legitimate user. Pushback helps to outsource the
client puzzle workload to the upstream router, which helps to decrease the processing workload on
the intelligent router. Using the proposed work, attacker traffic is effectively blocked at the
edge routers, and hence attacks that cause denial of service can be identified in advance and
defended against successfully.

Recommendation
We recommend dropping malformed and spoofed packets as early as possible. Rate limit your
router to prevent volumetric DDoS attacks. Set lower thresholds for SYN, ICMP, and UDP
floods. Establish a botnet detection system to detect botnet activity as early as possible.
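
The thresholds mentioned for ICMP and UDP floods and the rate limiting recommended above can be expressed as a per-protocol limit on packets accepted per destination within a sliding window. The Python code below is an added example, not part of the original assignment; the threshold values, the one-second window and the event records are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Assumed limits in packets per second per destination; set them from the
# traffic you measure as normal on your own network.
THRESHOLDS = {"SYN": 100, "ICMP": 20, "UDP": 200}

class FloodThreshold:
    """Accept at most thresholds[proto] packets per window for each destination."""

    def __init__(self, thresholds, window_ms=1000):
        self.thresholds = thresholds
        self.window_ms = window_ms
        self.accepted = defaultdict(deque)   # (dst, proto) -> times of accepted packets

    def allow(self, t_ms, dst, proto):
        limit = self.thresholds.get(proto)
        if limit is None:
            return True                      # no threshold set for this protocol
        times = self.accepted[(dst, proto)]
        while times and t_ms - times[0] >= self.window_ms:
            times.popleft()                  # forget packets outside the window
        if len(times) >= limit:
            return False                     # threshold exceeded: drop
        times.append(t_ms)
        return True

def summarize(events, thresholds=THRESHOLDS):
    """Return {proto: (passed, dropped)} for (time_ms, dst, proto) events."""
    limiter = FloodThreshold(thresholds)
    counts = defaultdict(lambda: [0, 0])
    for t_ms, dst, proto in sorted(events):
        counts[proto][0 if limiter.allow(t_ms, dst, proto) else 1] += 1
    return {proto: tuple(c) for proto, c in counts.items()}

def constructed_events():
    """Constructed one-second sample of traffic to 192.0.2.10, not a capture."""
    events = [(i * 2, "192.0.2.10", "ICMP") for i in range(500)]   # far above 20/s
    events += [(i * 6, "192.0.2.10", "UDP") for i in range(150)]   # below 200/s
    events += [(i * 25, "192.0.2.10", "SYN") for i in range(40)]   # below 100/s
    return events

if __name__ == "__main__":
    print(summarize(constructed_events()))
```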

REFERENCES
1. Denial-of-Service Attack. ScienceDirect. [Online] [Cited: December 17, 2022.]
https://www.sciencedirect.com/topics/engineering/denial-of-service-attack.

2. What is a denial-of-service (DoS) attack? Cloudflare. [Online] [Cited: December 17, 2022.]
https://www.cloudflare.com/learning/ddos/glossary/denial-of-service/.

3. SYN Attack. Techopedia. [Online] [Cited: December 17, 2022.]
https://www.techopedia.com/definition/4134/syn-attack.
