IT_542_Unit_1_Lab
Sulee Son
IT 542
Nainika Seth Patnayakuni
4/2/2021
Screenshots
Denial of Service Attack
In the field of computing, a denial of service attack is a cyber-attack in which the
perpetrator makes a network resource unavailable to its intended users by indefinitely
interfering with the services of a host connected to the internet. It is readily achieved by
flooding the targeted machine with excessive requests, overloading the system and preventing
most legitimate requests from being fulfilled. These attacks are comparable to groups of people
crowding a shop's entry door, making it difficult for legitimate customers to access the shop
and hence disrupting trade. The most targeted sites include credit card payment gateways, and
the motives include activism, blackmail, and many more. These attacks have many side effects
on an organization or firm: all employees of the organization will be denied access to the
network resources, and those in e-commerce will experience losses of up to $20,000 every hour
since no customer will be able to purchase a product.
Generally, one will know that the web servers are under attack because performance will be
slow while logging into a website. A slow network and the inability to access websites are also
good indicators that the web servers are compromised or under attack. DNS amplification and
UDP and SYN flooding are significant examples of these attacks. The primary goal of DoS
attacks is to deprive the targeted users of access to the websites, so that they suffer major
network problems, including slow networks and many more (Sahoo et al., 2019). SQL injection
and port scanning are significant examples of DoS attacks. It is worth noting that most of these
DoS attacks are intentional and always planned, with the main aim of ensuring that website
resources are unavailable to legitimate clients.
1. Describe the different capabilities of Low Orbit Ion Cannon. Search and identify at
least one other product that allows you to conduct denial of service attacks, and
identify two differences between the products. Provide appropriate citations.
Low Orbit Ion Cannon (LOIC) refers to a tool that is extensively employed to launch two
major kinds of attack: DoS and DDoS attacks (Gupta & Badve, 2017). It is a user-friendly tool
that is easily accessible. It can be downloaded and used through a simple point-and-click
interface, which makes it easy for hackers who have little knowledge of it to perform attacks.
Furthermore, it allows users to launch attacks from a web browser using a JavaScript version,
JS LOIC, and the Low Orbit Web Cannon as a web version. Its capabilities are shown in its
operation: it floods the targeted server with TCP, HTTP, and UDP packets that disrupt the
service. When employed by attackers, it produces junk traffic, which is enough to cause severe
effects on the target. For a severe attack to happen, thousands of users are required to
coordinate an attack on the same target simultaneously. IRC chats are usually employed, which
are efficient in ensuring that coordinated attacks are achieved.
These chats run the version of LOIC known as the Hivemind. It ensures that several
networked secondary computers are monitored or controlled by one primary user, and as a
result, a voluntary botnet is generated. It is a widely employed approach since secondary device
owners can defend themselves by claiming that they were innocent victims of an involuntary
botnet. It has been successful in two attacks. The first attack was on Church of Scientology
websites in 2008, in response to the church's legal efforts to take down videos on YouTube. The
other attack was in 2010, in which Visa and MasterCard sites were compromised by WikiLeaks
supporters, who were responding to these companies freezing credit card payments to
WikiLeaks.
The significant products employed include crash and flooding attacks, which ensure that
legitimate users cannot access most of their online sites, such as websites and many more. The
significant difference is that in flooding, the system receives excess traffic for its services to
buffer, which makes them very slow, while crashing only exploits the target's flaws, and such
attacks are less common.
2. In this lab you performed TCP, UDP, and HTTP flood attacks. Research and
describe three different ways that an organization can prepare against denial of
service attacks. Describe how the defense strategies against denial of service attacks
differ based on the types of attacks. Provide appropriate citations.
A company can protect itself against DoS by configuring its firewalls and routers so that
any bogus traffic is rejected. To make sure that this is effective, they should always keep them
up to date (Korpela & Weatherhead, 2016). They should also investigate black hole routing,
since black hole routing sends excessive traffic to a null route, or black hole. With this, any of
their websites that is targeted will be prevented from crashing. They can also employ
technology that includes anti-DoS services that protect the company from attacks. These
anti-DDoS services are efficient in identifying which spikes in network traffic are legitimate
and which are not.
Defense strategies employed against volume-based attacks include a global network that is
efficient in absorbing their effects. For protocol attacks, the Imperva technology employed
ensures that traffic deemed malicious is blocked before entering the site. It employs technology
that distinguishes between legitimate users and those who are malicious. Finally, the
defenses against application layer attacks differ from the others in that they monitor visitors'
behavior and block those that are bad bots. They also block unrecognized and suspicious
entities, which are challenged.
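The distinction drawn above, that the defense depends on the type of flood, can be shown from the defender's side with the following added example, which is not part of the original lab report. The flow records, thresholds, and function names are constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed flow records (second, source, kind); RFC 5737 documentation addresses.
# "kind" is a hypothetical label a sensor or log parser would assign.
def build_sample():
    recs = []
    for t in range(10):
        recs += [(t, "192.0.2.10", "http")]                           # ordinary visitor
        recs += [(t, "192.0.2.11", "syn"), (t, "192.0.2.11", "ack")]  # completed handshakes
        recs += [(t, "198.51.100.7", "syn")] * 40                     # SYNs never completed
        recs += [(t, "203.0.113.5", "udp")] * 60                      # raw UDP volume
        recs += [(t, "198.51.100.9", "http")] * 30                    # request flood
    return recs

# Defense families as the answer above groups them.
MITIGATION = {
    "udp-flood": "volume-based: absorb upstream or null-route (black hole)",
    "syn-flood": "protocol: drop at the edge before it reaches the site",
    "http-flood": "application layer: challenge or block by visitor behavior",
}

def classify(records, syn_pps=10, udp_pps=20, http_rps=10, min_ack_ratio=0.5):
    """Return {source: flood type} for sources whose per-second rate exceeds a threshold."""
    times = [t for t, _, _ in records]
    seconds = max(times) - min(times) + 1
    counts = defaultdict(Counter)
    for _, src, kind in records:
        counts[src][kind] += 1
    verdicts = {}
    for src, c in counts.items():
        # A SYN flood shows many SYNs with few handshakes completed by an ACK.
        if c["syn"] / seconds > syn_pps and c["ack"] < min_ack_ratio * c["syn"]:
            verdicts[src] = "syn-flood"
        elif c["udp"] / seconds > udp_pps:
            verdicts[src] = "udp-flood"
        elif c["http"] / seconds > http_rps:
            verdicts[src] = "http-flood"
    return verdicts

def plan(records):
    """Map each flagged source to the defense family for its flood type."""
    return {src: MITIGATION[kind] for src, kind in classify(records).items()}

if __name__ == "__main__":
    for src, action in sorted(plan(build_sample()).items()):
        print(src, "->", action)
```

The ordinary visitor and the client that completes its handshakes stay below every threshold, so only the three flooding sources are flagged.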
3. While using tcpdump in step 9 of the lab, search and identify what -nntttt, -s 0 and
-w options are supposed to do.
-nntttt, -s 0 and -w are supposed to check if there is any DoS attack on any port.
4. What steps should an organization take when it is actively under a DDOS attack?
Provide appropriate citations.
When an organization is actively under a DDoS attack, it should not panic, since the sites
are already down. It only needs to remain calm to have complete control of the situation. It
should also communicate efficiently, ensuring that it can redirect its customers and avoid
stressing the support team. Furthermore, it should identify the attack, so that it understands
which steps to take once it knows what kind of attack it is under. After the identification, it
should clear the logs, which helps reduce the strain placed on the system. It should then
mitigate suspicious traffic, which helps to block all suspicious traffic. Finally, it should know
and use its resources, that is, its DDOS and its operation.
5. Review the sources below and write out five questions that you would need to
answer in your pen test plan.
Korpela, K., & Weatherhead, P. (2016). Planning for Information Security Testing—A Practical Approach. ISACA Journal, 5, 1-10. Retrieved from
https://www.isaca.org/Journal/archives/2016/volume-5/Documents/Planning-for-Information-Security-Testing_joa_Eng_0916.pdf
Pre-engagement. (n.d.). Retrieved 12 18, 2019, from pentest-standard:
http://www.pentest-standard.org/index.php/Pre-engagement
Pentest Plan Questions
1. What is the importance of the information security testing maturity model?
2. What is the function of risk and contingency plans?
3. Why are risk assessment frameworks relevant?
4. What are the roles, importance, and effect of pre-engagement in DOS?
5. Why should organizations perform information security testing?
References
Gupta, B. B., & Badve, O. P. (2017). Taxonomy of DoS and DDoS attacks and desirable defense mechanism in a cloud computing environment. Neural Computing and Applications, 28(12), 3655-3682.
https://activereach.net/newsroom/blog/six-steps-to-dealing-with-a-ddos-attack/
https://lab.infoseclearning.com/lab/performing-denial-service-attack-wan
https://us.norton.com/internetsecurity-emerging-threats-dos-attacks-explained.html
https://www.cloudflare.com/learning/ddos/ddos-attack-tools/low-orbit-ion-cannon-loic/
https://www.google.com/search?q=what+do++%E2%80%93w+options+do+in+DOS%3F&sxsrf=ALeKk02D-zi3kYHOUm9dXCC0fAMgtdwGeg%3A1617014051764&ei=I61hYJehLpuT8gKztbPIAw&oq=what+do++%E2%80%93w+options+do+in+DOS%3F&gs_lcp=Cgdnd3Mtd2l6EAM6BwgAEEcQsAM6BAgjECc6BQghEKABULJPWPNuYJ14aAFwAngAgAGyA4gB8hWSAQcyLTIuNC4ymAEAoAEBqgEHZ3dzLXdpesgBCMABAQ&sclient=gws-wiz&ved=0ahUKEwjXvpvhptXvAhWbiVwKHbPaDDkQ4dUDCA0&uact=5
https://www.imperva.com/learn/ddos/ddos-attacks/
Korpela, K., & Weatherhead, P. (2016). Planning for Information Security Testing—A Practical Approach. ISACA Journal, 5, 1-10. Retrieved from https://www.isaca.org/Journal/archives/2016/volume-5/Documents/Planning-for-Information-Security-Testing_joa_Eng_0916.pdf
Pre-engagement. (n.d.). Retrieved 12 18, 2019, from pentest-standard: http://www.pentest-standard.org/index.php/Pre-engagement
Sahoo, K. S., Panda, S. K., Sahoo, S., Sahoo, B., & Dash, R. (2019). Toward secure software-defined networks against distributed denial of service attack. The Journal of Supercomputing, 75(8), 4829-4874.