SEC 572 iLAB 1
Denial of Service Attacks
Student Name: Aloysius Jallah
Professor: Mark Merkow
Name of the attack
Denial of service attack (DoS): According to the Week 1 TCO, a denial of service attack is an attack that considerably reduces the ability of the network to communicate properly with other networks and/or endpoint users (Merkow 2015). Hence, the end result of the attack is the incapacitation of the target network, rendering it inaccessible to its intended end-users through the application of a flooding technique. Additionally, if the attacker understands and/or discovers that an intermediary network can deliver more traffic than the victim network can manage and/or process, the attacker uses the flooding technique to transmit an enormous batch of UDP packets toward the victim; the end result of this activity can be traffic congestion and exhaustion of the victim’s connection resources. In cunning attacks, “attacking hosts can flood packets in a burst to congest and disrupt existing TCP connections” (Kuzmanovic et al, 2005). However, for every action there is an equal and opposite reaction. As known denial of service (DoS) attacks come into play, software developers and system administrators also come up with mechanisms and/or solutions to combat, reduce and prevent the potential impact of malicious criminals and/or attackers.
Attack discovery and resolution dates: Denial of service (DoS) attacks can be identified whenever a service and/or network is bombarded with flooding. As a result, packets can be dropped and/or incomplete connection requests initiated, which means that the target can no longer manage and/or deal with legitimate networking and/or connection requests. In most cases, the attacker is aware that flooding the host and/or server with incomplete connections ultimately leads to a flooding attack, which in the long run will fill the memory buffer of the host. Finally, once the buffer is filled, no further connections are possible or will be made; hence, the effect and/or outcome is a Denial of Service (DoS). Flooding attacks can impede services, crash an organization’s systems, dreadfully slow down network functionality, and make certain websites inaccessible, including failure to reach a home page. The attacker can use a port scanner to search a network host for open ports to determine which network ports are active on the active IP addresses.
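An added example, not part of the original report: one way a defender could spot the incomplete-connection flooding described above is to count half-open TCP connections per remote address and compare the total with the size of the connection buffer. It assumes `netstat -ant` style output on Linux; the sample rows, the backlog size and both thresholds are constructed for illustration.

```python
from collections import Counter

HALF_OPEN = "SYN_RECV"  # Linux netstat state for a connection awaiting the final ACK

def parse_line(line):
    """Return (remote_ip, state) for a TCP row, or None for headers and other rows."""
    fields = line.split()
    if len(fields) < 6 or not fields[0].startswith("tcp"):
        return None
    remote_ip = fields[4].rsplit(":", 1)[0]  # strip the port, keep the address
    return remote_ip, fields[5]

def assess(netstat_text, backlog, per_source_limit=5, fill_ratio=0.75):
    """Summarise half-open connections against the listen backlog (assumed size)."""
    rows = [r for r in map(parse_line, netstat_text.splitlines()) if r]
    half_open = Counter(ip for ip, state in rows if state == HALF_OPEN)
    total = sum(half_open.values())
    return {
        "half_open_total": total,
        # True when incomplete connections occupy most of the buffer
        "backlog_pressure": total >= backlog * fill_ratio,
        # Sources holding more incomplete connections than the per-source limit
        "noisy_sources": sorted(ip for ip, n in half_open.items() if n > per_source_limit),
    }

# Constructed sample rows (documentation address ranges, not real traffic).
SAMPLE = "\n".join(
    ["Proto Recv-Q Send-Q Local Address Foreign Address State",
     "tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN",
     "tcp 0 0 192.0.2.10:80 203.0.113.21:50500 ESTABLISHED",
     "tcp 0 0 192.0.2.10:80 203.0.113.20:50111 SYN_RECV"]
    + [f"tcp 0 0 192.0.2.10:80 198.51.100.7:{40000 + i} SYN_RECV" for i in range(8)]
)

if __name__ == "__main__":
    print(assess(SAMPLE, backlog=12))
```

A single legitimate client normally holds a connection in the half-open state only briefly, so a source with many such rows, or a total close to the backlog size, is the signal worth alerting on.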
Synopsis of the attack--- On hacker forums, denial of service (DoS) continues to be the most discussed theme. Malicious attackers continue to rework their tools in order to enhance DoS attack methodology. Why? Because distributed denial of service (DDoS) attacks do not work toward breaching data integrity and/or privacy; these attacks can be performed without the need to discover weaknesses in the application to exploit. A DoS attack floods the organization’s and/or host’s resources with external communication requests, thus preventing those resources from answering genuine traffic; for example, it slows responses to the point that the host is effectively unreachable. The denial of service (DoS) attack is directed at a specific resource; for example, an organization’s computer system, including a port and/or service on the host computer system, or an entire network together with a specified component of the selected network. A DoS attack is also used for the implantation of malware, which can exploit CPUs to the point of inhibiting their functionality and triggering miscalculations in machine micro-code. As a result of these dynamic forces, the typical PC will experience an unsteady condition, gravitating to the point of crashing the entire system.
Vulnerable target(s) for the attack and likely victims--- Accordingly, a network seems to be extraordinarily susceptible to an assault and/or attack through the proliferation of viruses, worms and Trojans that grab hold of the network’s information and transmit it to hackers and malicious criminals for their personal gain. Most of the possible victims are the network as a whole, components of the network, and other resources specific to the enterprise and/or organization.
Probable motivation(s) of the attack--- Generally, denial of service (DoS) attacks stem from individuals with a grievance and/or criticism towards an organization’s mode of operation (view) or a dislike for a web site. In plain view, the rationale for the attack would be to destabilize and decrease a competitor’s portion of the market share, cause damage to commercial web availability, exploit the vulnerability of the organization’s network systems, and launch an attack against the organization for its lack of protection in the form of such programs as anti-virus, anti-malware and anti-spyware, etc.
Probable creators of the attack--- Denial of service (DoS) attacks are incredibly cost effective and/or low cost and, besides, are difficult to counteract without the appropriate instruments and/or tools. This makes the tools prevalent, all the more so among individuals equipped with the appropriate technical intelligence and competence. Denial of service (DoS) attacks are directed at specific web sites; consequently, they end up escalating to a level of complexity at which they are capable of exploiting system vulnerabilities and, as such, successfully sidestep detection by the firewalls of the host system.
Deployment, propagation, or release strategy of the attack--- Usually, anti-virus programs, firewalls and random port scanning, along with the setting up of a scalable infrastructure, are used to absorb the impact of a denial of service (DoS) attack until such time as its origin is discovered and blocked to prevent further attacks on the network (Thomas, T., Stoddard, D. 2012 pp. 36-37).
Published countermeasures against the attack--- In a normal scenario, responding quickly to denial of service (DoS) attacks by immediately and successfully identifying inbound traffic as malicious is a necessary preventive step. Secondly, setting up a scalable infrastructure to help absorb the denial of service (DoS) attack until its origin is discovered, so that it can be blocked to prevent further attacks, is another technique worth implementing. Normally, the risks and impact of attacks are successfully decreased by appropriately educating end-users and by improved anti-reconnaissance tools, ensuring that all browsers include anti-reconnaissance capabilities as well.
Published recovery techniques used to return to normal operations after the attack--- Beginning with packet sniffing: the use of sniffer programs is a passive attack, which permits a network interface card to be placed into a specialized mode. The sniffer can analyze the network and gain access to information that can later be used to crash the systems and the network. For a proactive network administrator, the persistent use of exceptional, first-rate and efficient tools will help mitigate the effect and impact of future attacks. According to the textbook, “for an attacker to get a sniffer on your LAN, serious security issues have already occurred. Now that the attacker can see most of the packets on your LAN with a sniffer, there is a definite threat” (Thomas, T., Stoddard, D. 2012 p. 39).
Recommended incident reporting measures--- The incidence of the attack can be published in journals in order to enable end-users to better understand and gather information about the attack. It is henceforth recommended that every workstation and/or computer using a similar network should have an established IP address in order to ensure uniformity and to prevent further attacks on the network.
Citations and resources used in this report
Argyraki, K., and Cheriton, D. R. (2010). Active Internet traffic filtering: real-time response to denial-of-service attacks. Proceedings of the USENIX Annual Technical Conference. USENIX Press, Berkeley, CA. Retrieved September 1, 2015 from http://www.scirp.org/reference/ReferencesPapers.aspx?ReferenceID=1450131
Imperva (2012). Hacker Intelligence Initiative, Monthly Trend Report #12. Retrieved September 5, 2015 from http://www.imperva.com/docs/HII_Denial_of_Service_Attacks-
Merkow, M. (2015). SEC 572 TCO Week 1 lecture: Digital attacks. Attacks on computer networks. Retrieved from https://devry.equella.ecollege.com
Thomas, T., Stoddard, D. (2012). Network Security First-Step, 2nd Edition. Pearson Learning Solutions, 12/2011. VitalBook file.