I. INTRODUCTION
In a communication network, a large number of workstations communicate with each other. Each
workstation has private data that is to be transmitted between the stations. Security is the main issue
while transmitting and receiving information. For protection, several security mechanisms were
developed, but these mechanisms do not help much. DDoS attacks are the most destructive attacks and
are reported to create havoc in the networking field for most service providers and legitimate users.
A DDoS attack makes network services unavailable to authorized users. DDoS can be implemented in
many ways, such as flooding attacks, logic attacks and protocol-based attacks. A flooding attack floods
the network so heavily that it becomes congested. A logic attack overflows a buffer or exceeds the
limit on the number of packets received. In a protocol-based attack, the attacker analyses the behavior
of TCP/IP functionality for the requirements of attacking. It does not weaken TCP/IP functionality.
II. TAXONOMY OF DDOS ATTACKS
DDoS attacks can be classified in many ways, in terms of their nature and characteristics or their impact.
The taxonomy is also summarized in Figure 2.
A. Classification by Degree of Automation
Based on the degree of automation of the attack, the attack can be classified as manual, semi-automatic
and automatic DDoS attacks.
1. Manual Attacks
www.ijafrc.org
1. Protocol Attacks
Protocol attacks exploit a specific feature or implementation bug of some protocol installed at
the victim in order to consume excess amounts of its resources. Examples include the TCP SYN
attack, the CGI request attack and the authentication server attack. In the TCP SYN attack, the
exploited feature is the allocation of substantial space in a connection queue immediately upon
receipt of a TCP SYN request. The attacker initiates multiple connections that are never
25 | 2015, IJAFRC All Rights Reserved
Dynamics
Depending on the attack rate dynamics we differentiate between continuous rate and variable rate
attacks.
1. Continuous Rate Attacks
The majority of known attacks deploy a continuous rate mechanism. After the onset is commanded,
agent machines generate the attack packets with full force. This sudden packet flood disrupts
the victim's services quickly, and thus leads to attack detection.
2. Variable Rate Attacks
Variable rate attacks are more cautious in their engagement, and they vary the attack rate to
avoid detection and response.
Based on the rate change mechanism we differentiate between attacks with increasing rate
and fluctuating rate.
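The rate classes above can be told apart from a per-second packet count taken at the victim. The following is an added example, not code from the paper; the baseline, the threshold factors and the sample series are constructed assumptions. It also shows why a fixed-threshold alarm fires later on an increasing-rate attack than on a continuous-rate one.

```python
# Added example: labels packet-rate series with the taxonomy's rate-dynamics classes.
# Thresholds and sample series below are constructed assumptions, not from the paper.

def classify_rate_dynamics(pps, baseline, factor=3.0):
    """Return the rate-dynamics class of a per-second packet-count series.

    pps      -- packets per second seen at the victim, one value per second
    baseline -- normal packets per second for this link (assumed to be known)
    factor   -- multiple of baseline treated as attack-level traffic (assumption)
    """
    threshold = baseline * factor
    onset = next((i for i, v in enumerate(pps) if v > threshold), None)
    if onset is None:
        return "no attack-level traffic"
    attack = pps[onset:]
    # Fluctuating: the flood repeatedly drops back under the threshold.
    dips = sum(1 for a, b in zip(attack, attack[1:]) if a > threshold >= b)
    if dips >= 2:
        return "variable rate (fluctuating)"
    # Continuous: agents send with full force from the first attack second.
    if attack[0] >= 0.8 * max(attack):
        return "continuous rate"
    # Otherwise the rate was still climbing when it crossed the threshold.
    return "variable rate (increasing)"


def alarm_delay(pps, baseline, factor=3.0, drift=1.25):
    """Seconds between traffic first leaving the normal band and a fixed
    threshold alarm firing; None if the alarm never fires."""
    first_odd = next((i for i, v in enumerate(pps) if v > baseline * drift), None)
    alarm = next((i for i, v in enumerate(pps) if v > baseline * factor), None)
    if first_odd is None or alarm is None:
        return None
    return alarm - first_odd


# Constructed sample series (packets per second); baseline is 100 pps.
CONTINUOUS = [100, 110, 95, 1500, 1550, 1480, 1520]
INCREASING = [100, 150, 220, 330, 500, 750, 1100, 1600]
FLUCTUATING = [100, 1500, 120, 1400, 110, 1450, 100]
QUIET = [100, 120, 90, 105]

if __name__ == "__main__":
    for name, series in [("continuous", CONTINUOUS), ("increasing", INCREASING),
                         ("fluctuating", FLUCTUATING), ("quiet", QUIET)]:
        print(name, classify_rate_dynamics(series, 100), alarm_delay(series, 100))
```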
D. Classification by Impact
Depending on the impact of a DDoS attack on the victim, we differentiate
between disruptive and degrading attacks.
1. Disruptive Attacks
In disruptive attacks, the victim's service to its clients completely vanishes. All current attacks belong
to this category.
2. Degrading Attacks
The goal of degrading attacks would be to consume some (presumably constant) portion of a
victim's resources. Since these attacks do not lead to total service disruption, they could remain
undetected for a significant time period. On the other hand, damage inflicted on the victim
could be immense. For example, an attack that effectively ties up 30% of the victim's resources
would lead to denial of service to some percentage of customers during high load periods, and
possibly slower average service. Some customers, dissatisfied with the quality, would
consequently change their service provider, and the victim would thus lose income. Alternatively,
the false load could result in the victim spending money to upgrade its servers and networks.
Traffic filtering, traffic analysis and traffic monitoring are the main functions of a defense system. There
are two ways of implementing it: one is centralized and the other is distributed. In the centralized defense
system, all workstations are placed at the same place. It has a higher possibility of being attacked because
fewer resources are available for defense against DDoS attacks. These resources are placed at the
victim site. The centralized defense mechanism concentrates only on the victim node. The distributed
system overcomes the shortcomings of the centralized system. In this defense system, components are
placed at multiple places. It has a lower possibility of being attacked because more resources are available
for fighting these attacks. A distributed defense system can find any attacker node in the network.
IV. OVERVIEW OF DDOS TOOLS
The DDoS tools in use are discussed below. Attackers analyze the current trends in the
network security field and adjust their attacks to defeat current defense mechanisms:
1. Trinoo: This tool is used to launch coordinated floods of constant-size UDP packets in bulk against
a victim machine and can launch a UDP flood against one or many IP addresses. The UDP packets
target random ports on the victim machine. Trinoo does not spoof source addresses, although it can
easily be extended to include this capability.
2. Tribe Flood Network (TFN): This tool can generate UDP and ICMP echo request floods, ICMP
directed broadcasts and TCP SYN floods. It can spoof source IP addresses and also randomize the
target ports. Communication between handlers and agents occurs exclusively through
ICMP_ECHO_REPLY packets.
3. Stacheldraht: This tool combines features of Trinoo and TFN. Communication channels are
also encrypted. Communication is performed through Transmission Control Protocol packets and
Internet Control Message Protocol packets.
4. TFN2K: TFN2K is a variant of TFN. TFN2K traffic is difficult to recognize and filter. This tool makes
use of User Datagram Protocol, Transmission Control Protocol SYN and Internet Control Message
Protocol ECHO floods, and the attack type can be varied during the attack. This tool can forge packets
that appear to come from neighboring machines. All communication between handlers and agents is
encrypted and base-64 encoded.
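Because TFN handlers and agents talk only through ICMP_ECHO_REPLY packets, a monitoring point can look for echo replies that answer no echo request. The following is an added example, not code from the paper; the record layout, the 5-second matching window and the sample capture (documentation address ranges) are constructed assumptions, and the capture point is assumed to see both directions of traffic.

```python
from collections import Counter, namedtuple

# ICMP type 8 = echo request, type 0 = echo reply.
Icmp = namedtuple("Icmp", "ts src dst type ident seq")

def unsolicited_echo_replies(packets, window=5.0):
    """Return echo replies with no matching echo request in the last `window` s.

    Assumes the capture point sees both directions; `window` is an assumed value.
    """
    pending = {}   # (requester, responder, ident, seq) -> time the request was seen
    flagged = []
    for p in sorted(packets, key=lambda p: p.ts):
        if p.type == 8:
            pending[(p.src, p.dst, p.ident, p.seq)] = p.ts
        elif p.type == 0:
            sent = pending.pop((p.dst, p.src, p.ident, p.seq), None)
            if sent is None or p.ts - sent > window:
                flagged.append(p)
    return flagged

def repeat_pairs(flagged, min_count=2):
    """Host pairs that exchanged at least `min_count` unsolicited replies."""
    counts = Counter((p.src, p.dst) for p in flagged)
    return {pair: n for pair, n in counts.items() if n >= min_count}

# Constructed capture using documentation address ranges (not real hosts).
SAMPLE = [
    Icmp(0.0, "192.0.2.10", "192.0.2.20", 8, 0x1A2B, 1),   # normal ping
    Icmp(0.1, "192.0.2.20", "192.0.2.10", 0, 0x1A2B, 1),   # its reply
    Icmp(1.0, "198.51.100.7", "192.0.2.30", 0, 700, 0),    # reply, no request
    Icmp(1.5, "198.51.100.7", "192.0.2.30", 0, 700, 0),    # reply, no request
    Icmp(3.0, "192.0.2.10", "192.0.2.40", 8, 0x1A2B, 2),   # request ...
    Icmp(10.0, "192.0.2.40", "192.0.2.10", 0, 0x1A2B, 2),  # ... answered too late
]

if __name__ == "__main__":
    hits = unsolicited_echo_replies(SAMPLE)
    for p in hits:
        print(f"{p.ts:6.1f}s unsolicited echo reply {p.src} -> {p.dst} id={p.ident}")
    print(repeat_pairs(hits))
```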