2. Contents
1. About Internet Malware
2. Introduction to DoS/DDoS
3. Architecture of DDoS
4. Motivation
5. Experimental techniques
6. Graph
7. Comparison b/w Experimental techniques
8. Real time testbed
9. Hardware and Software used
10. CORE
11. Tools used in this project
12. Future Scope
4. DEFINING DOS/DDOS
A denial of service (DoS) attack is an intentional attempt by malicious users / attackers to completely disrupt or degrade the availability of a service / resource to legitimate / authorized users.
A distributed denial of service (DDoS) attack is a well-coordinated attack on the availability of services of a given target system or network. It is launched indirectly through many compromised computing systems, which send a stream of useless traffic meant to exhaust the victim's / network's resources.
6. MOTIVATION BEHIND THE INCREASING DDOS ATTACKS
Name and fame within the attacker community
Financial profit
Political revenge
Easy and free availability of user-friendly attack tools
Business competitors
9. Comparison b/w Experimental techniques
▪ Mathematical model
• Models for OS, Apps, Platforms and Conditions
▪ Simulated model
• Models for Key OS, Mechanisms, Algorithms, Kernel Apps
• Virtual Platforms
• Synthetic Conditions
▪ Emulated model
• Real Apps
• Real Platforms
• Real OS
• Synthetic Conditions
▪ Real time model
• Real OS
• Real Apps
• Real Platforms
• Real Conditions
12. HARDWARE AND SOFTWARE USED
HARDWARE
1. D-LINK 2800 SERIES ROUTER
2. D-LINK L2, L3 SWITCHES
3. DESKTOPS INSTALLED WITH UBUNTU 14.04
SOFTWARE
1. APACHE WEB SERVER
2. SNIFFER - WIRESHARK
3. EMULATOR - CORE, NS-3
4. TOOLS USED - HULK, HTTP FLOODER, HPING3, CORAL REEF
5. OS - UBUNTU 14.04
13. CORE
CORE stands for Common Open Research Emulator.
The CORE project provides an ISO image called VCORE that can run in VirtualBox.
The image file is large, almost 600 megabytes.
CORE can also be run in a virtual machine on a PC or laptop.
18. Tools and flooder used in topology to generate traffic
1. HULK
Generates a unique pattern for each and every request, with the intention of increasing the load on the servers as well as evading any intrusion detection and prevention systems.
Uses User-Agent strings to trick the web server.
Has the capability to bypass captcha validation.
2. SLOWLORIS
A Slowloris attack waits for sockets to be released by legitimate requests before consuming them one by one.
Slowloris sends subsequent HTTP headers for each request, but never actually completes the request. Ultimately, the targeted server's maximum concurrent connection pool is filled, and additional (legitimate) connection attempts are denied.
19. CONTINUED…
3. HTTP FLOODER
Python-based tool
Generates application-layer traffic (HTTP traffic)
Uses multithreading to open multiple connections to the target node
Capability to spoof IP addresses
4. D-ITG (Distributed Internet Traffic Generator)
Accepted worldwide as a legitimate traffic generator
Supports generation of VoIP and game (Counter Strike & Quake 3) traffic.
Capable of generating traffic patterns similar to that of flash traffic.
Highly customizable: packet size, inter-departure time, … can be specified explicitly.
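A defender-side check for the Slowloris behaviour described above (headers keep arriving but the request never completes), written as an added example that is not part of the original slides. The record layout, thresholds and addresses are assumptions constructed for illustration.

```python
from collections import defaultdict
from typing import NamedTuple

class Conn(NamedTuple):
    src: str            # client address
    age_s: float        # seconds since the TCP connection was accepted
    headers_done: bool  # True once the blank line ending the headers arrived
    bytes_in: int       # request bytes received so far

# Assumed thresholds for illustration; tune against the server's own limits.
HEADER_TIMEOUT_S = 10.0   # a normal client finishes its headers well inside this
MIN_RATE_BPS = 50.0       # bytes/second below which a pending request is trickling
MAX_STALLED_PER_SRC = 5   # stalled connections tolerated from one source

def is_stalled(c: Conn) -> bool:
    """Old connection whose header block is still incomplete and barely growing."""
    if c.headers_done or c.age_s < HEADER_TIMEOUT_S:
        return False
    return c.bytes_in / c.age_s < MIN_RATE_BPS

def analyse(conns, pool_size):
    """Return (suspect sources, fraction of the connection pool held by stalled requests)."""
    stalled = defaultdict(int)
    for c in conns:
        if is_stalled(c):
            stalled[c.src] += 1
    suspects = {src: n for src, n in stalled.items() if n > MAX_STALLED_PER_SRC}
    held = sum(stalled.values()) / pool_size
    return suspects, held

# Constructed snapshot of a server with a 20-slot pool (documentation addresses).
SNAPSHOT = (
    [Conn("192.0.2.10", 45.0 + i, False, 300 + 8 * i) for i in range(12)]  # many old, unfinished requests
    + [Conn("198.51.100.7", 0.4, True, 512),     # ordinary completed request
       Conn("198.51.100.8", 2.0, False, 180),    # still inside the header timeout
       Conn("203.0.113.5", 30.0, False, 4000)]   # slow client, but above the trickle rate
)

if __name__ == "__main__":
    suspects, held = analyse(SNAPSHOT, pool_size=20)
    print(suspects, f"{held:.0%} of pool stalled")
```

The same two signals (time to complete headers, stalled connections per source) are what a web server's request-header timeout and per-client connection limit enforce.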
20. Future Scope of our Project
Detection of and defense against DDoS attacks
Impact measurement (response time, throughput, transaction rate)
Different types of attack can be launched (ICMP, HTTP, UDP, TCP, SYN)