Student's full name: Ahmed Salem Saleh
Instructor's name: Anwar Jaafar Mousa

Subject: NETWORK SECURITY

Department: Information Networks
Stage: Third (morning study)
Semester: Second

Report title:
Network denial of service (DoS)

We discuss distributed denial of service attacks in the Internet. We were
motivated by the widely known February 2000 distributed attacks on Yahoo!,
Amazon.com, CNN.com, and other major Web sites. A denial of service is
characterized by an explicit attempt by an attacker to prevent legitimate users
from using resources. An attacker may attempt to: "flood" a network and thus
reduce a legitimate user's bandwidth, prevent access to a service, or disrupt
service to a specific system or a user. We describe methods and techniques used
in denial of service attacks, and we list possible defences. In our study, we
simulate a distributed denial of service attack using the ns-2 network
simulator. We examine how various queuing algorithms implemented in a network
router perform during an attack, and whether legitimate users can obtain the
desired bandwidth. We find that under persistent denial of service attacks,
class-based queuing algorithms can guarantee bandwidth for certain classes of
input flow.
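
The queuing result stated above can be reproduced with a small packet-level model. This is an added example, not the report's ns-2 script: the arrival rates, link capacity, queue limit and class shares are assumed values, and `class_based` is a simplified link-sharing scheduler (guaranteed share per class, spare capacity lent out).

```python
from collections import deque

def arrivals(rates):
    """One tick of arrivals, classes interleaved evenly and deterministically."""
    slots = [((i + 0.5) / n, cls) for cls, n in rates.items() for i in range(n)]
    return [cls for _, cls in sorted(slots)]

def fifo(rates, capacity, qlimit, ticks):
    """Single drop-tail queue shared by every class."""
    queue, sent = deque(), {c: 0 for c in rates}
    for _ in range(ticks):
        for cls in arrivals(rates):
            if len(queue) < qlimit:      # a full queue drops the packet
                queue.append(cls)
        for _ in range(min(capacity, len(queue))):
            sent[queue.popleft()] += 1
    return sent

def class_based(rates, capacity, qlimit, ticks, share):
    """One queue per class; each class is served up to its guaranteed share."""
    qlen = {c: 0 for c in rates}         # packets are identical, so lengths suffice
    sent = {c: 0 for c in rates}
    for _ in range(ticks):
        for cls in arrivals(rates):
            if qlen[cls] < qlimit:
                qlen[cls] += 1
        spare = capacity
        # Pass 1 serves guaranteed shares; pass 2 lends whatever capacity is left.
        for limit in (share, None):
            for c in rates:
                cap = spare if limit is None else min(limit[c], spare)
                n = min(qlen[c], cap)
                qlen[c] -= n
                sent[c] += n
                spare -= n
    return sent

def demo():
    """Assumed scenario: 3 legitimate and 30 attack packets per tick, link serves 10."""
    rates = {"legit": 3, "attack": 30}
    share = {"legit": 4, "attack": 6}
    return (fifo(rates, 10, 20, 100),
            class_based(rates, 10, 20, 100, share))

if __name__ == "__main__":
    print(demo())
```

With the shared queue, the legitimate class delivers only a third of the 300 packets it offers; with per-class shares it delivers all of them while the flood still absorbs the remaining capacity.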

What is Denial of Service (DoS)?
A denial of service (DoS) event is a cyber attack in which hackers or
cybercriminals seek to make a host machine, online service or network
resource unavailable to its intended users.

Distributed denial of service attacks may be the most well-known type of
hacking incident – the 2018 GitHub and 2016 Dyn DDoS attacks being
the most prominent – but there are many other kinds of denial of service
attacks that don’t necessarily involve the distributed or botnet approach.
In virtually all cases, however, denial of service events are characterized
by the target machine or service getting flooded with incoming traffic to
the point where processing or bandwidth resources are overwhelmed
and taken offline.

Origins of Denial of Service Threats
In conventional denial of service attacks, the hacker transmits multiple
requests to the target machine or service with fictitious return Internet
Protocol (IP) addresses. When the server attempts to authenticate these
addresses, it encounters a wave of error code responses, setting off a
recurring chain of SMTP traffic that can quickly saturate the server.

Similarly, with a Smurf Attack, the hacker would broadcast packets to
multiple hosts with a spoofed IP address belonging to those target
machines. When the recipient host machines respond, they effectively
flood themselves with responding packet traffic.
In a SYN flood, an attacker takes advantage of the TCP 3-Way
Handshake (SYN, SYN-ACK, ACK) process to take a service offline. In
the 3-Way Handshake, host A would initiate a TCP SYNchronize
request message to host B. On receiving the request, host B (the
target machine) sends a SYNchronize-ACKnowledgement packet back
to host A. It’s at this point that the denial of service attack occurs. In a
legitimate exchange to establish a TCP socket connection, the next step
would be for host A to send an ACKnowledge message back to host B,
but when the hacker controlling host A prevents this from happening, the
handshake can’t be completed. The upshot is that host B has a
connected port that’s unavailable for additional requests. When the
attacker sends repeated requests of this nature, all available ports on
host B can quickly hang up and become unavailable.
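
From the defender's side, the condition described above shows up as handshakes that received a SYN-ACK but never the final ACK. The following added example (not part of the original report) counts those half-open handshakes per listening port; the record format, the 30-second timeout, the backlog size of 8 and the 50% alert ratio are assumptions, and the sample records are constructed.

```python
from collections import Counter

def sample_events():
    """Constructed records (time_s, src, sport, dst, dport, flags); not captured traffic."""
    server = "192.0.2.10"  # documentation-range addresses throughout
    events = [  # one client that completes SYN, SYN-ACK, ACK
        (0.00, "198.51.100.7", 40000, server, 443, "SYN"),
        (0.01, server, 443, "198.51.100.7", 40000, "SYN-ACK"),
        (0.02, "198.51.100.7", 40000, server, 443, "ACK"),
    ]
    for i in range(6):  # six handshakes whose final ACK never arrives
        t, src = 1.0 + i * 0.1, f"203.0.113.{i + 1}"
        events.append((t, src, 50000 + i, server, 443, "SYN"))
        events.append((t + 0.01, server, 443, src, 50000 + i, "SYN-ACK"))
    return events

def half_open(events, now, timeout=30.0):
    """Per listener (host, port): handshakes still waiting for the final ACK at `now`."""
    pending = {}  # (client, cport, server, sport) -> time the SYN arrived
    for t, src, sport, dst, dport, flags in sorted(events):
        if t > now:
            break
        if flags == "SYN":
            pending[(src, sport, dst, dport)] = t
        elif flags == "ACK":
            pending.pop((src, sport, dst, dport), None)  # handshake completed
    # Assumption: the server gives up on an unanswered SYN-ACK after `timeout` seconds.
    return Counter((dst, dport) for (_, _, dst, dport), t0 in pending.items()
                   if now - t0 < timeout)

def alerts(events, now, backlog=8, ratio=0.5):
    """Listeners whose half-open count exceeds `ratio` of an assumed backlog size."""
    return {k: n for k, n in half_open(events, now).items() if n > backlog * ratio}

if __name__ == "__main__":
    ev = sample_events()
    print(half_open(ev, now=2.0), alerts(ev, now=2.0), half_open(ev, now=40.0))
```

The completed handshake never counts against the listener, and the stuck entries disappear from the count once the assumed timeout has passed.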
 

Evolving Denial of Service Threats

SYN floods, banana attacks and other types of conventional DoS hacks
are still in use today – and of course, botnet-powered DDoS attacks
remain a constant threat. But malicious hackers have in recent years
broadened the number of machines and services they target, and
expanded the threat surface considerably. Increasingly, organizations
are getting targeted for lower-intensity “degradation of service” attacks
that inflict costly service slowdowns without taking resources fully offline.
This method of attack has grown increasingly common as more and
more organizations have come to rely on Amazon Web Services (AWS)
and similar cloud offerings to power their web operations.

When a large retailer, financial services provider, consumer brand or
similar commercial enterprise hosts their website on AWS, Microsoft
Azure or other cloud operator, the arrangement will be governed by a
Service Level Agreement. In effect, the cloud operator, for a given price,
promises to make available the processing resources, bandwidth, and
support infrastructure necessary for that website to support X amounts of
web traffic, where X would be measured as gigabytes of data, number of
retail transactions, hours of uptime and related metrics. If traffic loads
exceed the agreed levels, which would be a positive if the traffic is
legitimate, the website owner would get charged at a higher rate.
This process is often completely automated, as with Amazon
CloudWatch, which has auto-scaling features to dynamically increase or
decrease processing resources as needed.
 

Costly Denigration of Service
As one might imagine, bad actors can inject themselves into these
relationships by directing illegitimate traffic to a target website, and easily
increase the cost of doing business for a target organization. Pulsing
“zombie” servers that send intermittent traffic bursts are frequently used
in this kind of attack. Since the traffic loads in question are occasional
and not obviously from a malicious source, they appear very much like
legitimate traffic, meaning it can be extremely difficult for cyber security
staff to uncover and stop them.

Another toolset used in this type of denial of service or
degradation-of-service incident is so-called “stresser” applications that
were originally designed to help website owners identify weak points in
their web infrastructure. Easy to obtain and simple to use, these apps,
including WebHive, can be installed on multiple cloud instances to build up
formidable DDoS capabilities. Coordinated together in this way, these
attack tools can take large commercial websites offline for extended
periods.

Key Denial of Service Takeaways


Denial of service attacks have shifted and changed over the years, but
the damage wrought continues to increase. A Ponemon Institute survey
of large enterprises across a range of industry sectors found that the
typical company suffers four denial-of-service incidents annually, and
that the average total cost per year to deal with DoS is approximately
$1.5 million. Putting in place a security architecture that enables you to
detect, prevent and respond to DoS attacks is a critical step in any
effective cyber security program.
