DDoS Attack Simulation Assignment Sample

Introduction

Distributed denial-of-service (DDoS) attacks are a variant of denial-of-service attacks in which an attacker or group of attackers uses several computers to execute a DoS assault simultaneously, to maximize the reliability and intensity of the attack (Wei et al., 2017). The attacks are mostly carried out by an "army" of innocent zombie computers programmed as bots and managed by the attackers through a command and control system in a botnet (Singh et al., 2017). A botnet is powerful and co-ordinated, with millions of computers available. It also means that the initial assault is anonymous, because the distributed denial-of-service traffic comes from the IPs of the bots and not from the attacker (Balyk et al., 2017). This "army" may in some cases consist of hired hackers or hacktivists engaging in a massive distributed denial-of-service assault (Project Blackout, Operation Payback, etc.). This is especially true for political DDoS attacks.

A distributed denial-of-service attack on any of the above layers is an effort to prevent legitimate visitors from accessing the standard data on the platform; related aims include accessing private data, vandalizing a domain or shutting down a server altogether (Garg & Sharma, 2017). This can, and is likely to, occur in any industry, from financial institutions and banks to e-commerce or B2B. During a DDoS attack, a network is inundated by the attackers with requests and data (Mohd et al., 2018). The attack may be carried out by a committed community of attackers acting collectively, or with purpose-built tools, by an organization such as a "hacktivist" group or another co-ordinated party (Xu & Liu, 2016). Attackers may also search for new vulnerabilities in programs and servers or seek to gain access to confidential data (Hilferty, n.d.). The motives behind distributed denial-of-service attacks vary, from "hacktivism" to criminality, and the approaches used may change (Hong et al., 2018). To ensure that networks and sites are safe against new changes in this rapidly evolving landscape, you need a comprehensive protection package. Radware provides a variety of DDoS security tools that defend your assets from intruders and hackers by updating rapidly and addressing new approaches to attacks.

Tools and Platforms

AWS EC2

As a primary product of Amazon Web Services, AWS EC2 (Elastic Compute Cloud) is used to build online virtual machines with various operating systems and configuration choices. EC2 instances are fast to launch and run, and AWS EC2 is stable and scalable. AWS offers different types of EC2 instances to suit company requirements and cost strategies. An instance is associated with an IP address to enable remote access to it; this IP is known as an Elastic IP address. The user has complete control over starting, accessing, stopping or terminating instances in the AWS account. Storage solutions such as EBS for volume data storage are associated with AWS EC2.

Attack/Manager Machine

Parrot Linux (also known as Parrot Security, Parrot OS or Parrot GNU/Linux) is a free, open-source GNU/Linux distribution based on Debian Testing and aimed at security experts, developers and privacy-conscious users. It provides a complete arsenal for IT security and digital forensics, as well as everything you need to build your own applications or protect your privacy when browsing the Internet. It ships with the MATE desktop environment preinstalled and is available in several flavours to suit different needs. Kali is a little slow in terms of efficiency: running it on a low-end machine is a problem, because memory-heavy jobs run in the background while something important is being performed. Parrot, by contrast, is lightweight and does not lag much, since it works even on low-specification platforms.

Docker

Docker helps developers bundle software into containers: standardized runtime components that combine the source code of an application with all the OS libraries and dependencies needed for it to work in any setting. Developers can produce containers without Docker, but Docker makes it faster and cheaper to create, deploy and maintain them. It is essentially a toolkit that lets developers build, deploy, run, update and stop containers using simple commands and work-saving automation. The name Docker also refers to Docker, Inc., to its enterprise edition, and to the open-source project to which Docker, Inc. and several other companies and individuals contribute. Containers are made feasible by operating system (OS) process isolation and virtualization methods, which permit multiple application components to share the resources of a single OS kernel in much the same manner as multiple virtual machines (VMs) share the resources of a single hardware machine.

Slurm

Slurm is a Linux network load monitoring tool that displays its results as an ASCII graph and supports several interactive keys.

FastNetMon

FastNetMon is a DoS/DDoS load analyser built on top of several traffic capture engines (NetFlow, IPFIX, sFlow, SnabbSwitch, netmap, PF_RING, PCAP).

Lab Setup

Cloud Setup

First, we go to Amazon Web Services and register a free account. The free account gives us limited access to AWS EC2 (Amazon Web Services Elastic Compute Cloud), which is a cloud-based virtual machine service. The free account is enough for our experiment. Using the EC2 dashboard, we spin up an Ubuntu virtual machine with the default configuration. We also generate a private key in PEM format, which lets us access the virtual machine over SSH via its public interface. Next, we switch to PowerShell on our host machine (Windows 10) and SSH into the Ubuntu EC2 instance using our private key. At this point, only port 22 (SSH) is open on the virtual machine's public IP. We install and start the Apache2 webserver so that port 80 is open; this is the port against which we will launch the DDoS attack. We also change the EC2 instance's security group to allow incoming and outgoing traffic on port 80 (HTTP). We install a tool known as Slurm to monitor the packet traffic on the specified interface. Finally, we test that our dummy HTTP victim server in the cloud is working, using nmap (a network mapping tool) and a web browser. It is functioning properly.

Local Setup

Now we switch to VirtualBox and spin up our attack machine, which runs Parrot OS. We install Docker CE (Community Edition) on the attack machine. After installing Docker CE, we create a simple bash script that uses curl to fetch the front page of our cloud webserver, and we put this curl command in an infinite loop that runs until it is exited. We give the script execute permission and then test it. A point to note here is that, according to AWS policy, we can conduct controlled DDoS attacks against AWS resources but we cannot use AWS resources to conduct attacks; hence, we use Docker CE for that purpose. After successfully testing the script, we stop it. We set up a Docker image cloned from another image and name it for future use. This completes the basic lab setup.

Experiment And Results

Unmitigated Experiment

First, we go to Amazon Web Services and spin up our Ubuntu AWS EC2 (Amazon Web Services Elastic Compute Cloud) webserver using the EC2 dashboard. We copy the public DNS name of our cloud webserver. Next, we switch to PowerShell on our host machine (Windows 10) and SSH into the Ubuntu EC2 instance using our private key and the public DNS name. We launch Slurm to inspect the packet traffic on the eth0 interface. Then we switch to VirtualBox and spin up our attack machine, which runs Parrot OS. We already have the Docker image set up, and the image is targeted to launch a DoS attack against our webserver. We now use a Docker feature called Docker Swarm, which effectively converts our plain DoS attack into a DDoS (Distributed Denial of Service) attack. We initialize Swarm on our attack machine; this makes our machine a manager node and lets us spin up multiple instances of our image.

We go forward and initialize the Docker Swarm. Now, we pre-build the Docker image (which contains the script for DoS). After that, we create a Swarm service and name it. It automatically launches a single instance of our image. We observe a 100% jump in our incoming packet traffic, which now stands at around 1 KB/s. The primary advantage of a Docker Swarm service is that we can resize it. We issue the command to scale the Docker service named ddosattack up to 100 instances. As the instances come up, we see a jump in incoming packet traffic at the cloud webserver of around 1 KB/s per new instance. We almost reach 100 KB/s of traffic on our cloud webserver. At the same time, we see that the traffic is not organized and there are disturbances in the network traffic. This ends the unmitigated version of our experiment.

Mitigated Experiment

In this experiment too, we go to Amazon Web Services and spin up our Ubuntu AWS EC2 (Amazon Web Services Elastic Compute Cloud) webserver using the EC2 dashboard. We copy the public DNS name of our cloud webserver. Next, we switch to PowerShell on our host machine (Windows 10) and SSH into the Ubuntu EC2 instance using our private key and the public DNS name. We launch Slurm to inspect the packet traffic on the eth0 interface. Additionally, we install FastNetMon in our cloud virtual machine. FastNetMon is an open-source tool which can protect web-server installations like Apache2 against DDoS attacks. We also open the FastNetMon client window to make observations. Then we switch to VirtualBox and spin up our attack machine, which runs Parrot OS. We already have the Docker image set up, and the image is targeted to launch a DoS attack against our webserver.

We go forward and initialize the Docker Swarm. Now, we pre-build the Docker image (which contains the script for DoS). After that, we create a Swarm service and name it. It automatically launches a single instance of our image. We observe a 100% jump in our incoming packet traffic, which now stands at around 1 KB/s. The primary advantage of a Docker Swarm service is that we can resize it. We issue the command to scale the Docker service named ddosattack up to 100 instances. As the instances come up, we see a jump in incoming packet traffic at the cloud webserver of around 1 KB/s per new instance. We almost reach 100 KB/s of traffic on our cloud webserver. At the same time, we see that the traffic is not organized and there are disturbances in the network traffic. This ends the unmitigated version of our experiment.
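The victim-side observation described in both experiments (watching the inbound rate on eth0 climb from about 1 KB/s towards 100 KB/s) can be turned into an automatic alert. The following is an added example, not code from the original assignment and not FastNetMon's or Slurm's own logic: it derives the receive rate from successive `/proc/net/dev` snapshots and alerts once the rate stays above a threshold. The 50 KB/s threshold, the three-sample sustain window and all sample data are assumptions constructed for illustration.

```python
# Added example: sustained-threshold alert on an interface's inbound byte rate.
HEADER = ("Inter-|   Receive                 |  Transmit\n"
          " face |bytes packets errs drop ...|bytes packets ...\n")

def snapshot(rx):
    """Build constructed /proc/net/dev text with the given eth0 RX byte counter."""
    zeros = " 0" * 15
    return HEADER + f"    lo: 1000{zeros}\n  eth0: {rx}{zeros}\n"

def rx_bytes(text, iface):
    """Return the cumulative receive-bytes counter for iface."""
    for line in text.splitlines():
        name, sep, counters = line.partition(":")
        if sep and name.strip() == iface:
            return int(counters.split()[0])  # first field after ':' is RX bytes
    raise ValueError(f"interface {iface!r} not found")

def rates(samples, iface="eth0"):
    """samples: [(timestamp_s, /proc/net/dev text)] -> [(timestamp_s, bytes/s)]."""
    out, prev = [], None
    for t, text in samples:
        b = rx_bytes(text, iface)
        if prev is not None and t > prev[0]:
            delta = b - prev[1]
            if delta >= 0:  # a negative delta means a counter reset: skip it
                out.append((t, delta / (t - prev[0])))
        prev = (t, b)
    return out

def first_alert(series, threshold, sustain=3):
    """Timestamp at which the rate has exceeded threshold for `sustain`
    consecutive samples, or None. Sustain filters out one-off bursts."""
    run = 0
    for t, rate in series:
        run = run + 1 if rate > threshold else 0
        if run >= sustain:
            return t
    return None

# Constructed data: 5 s idle at 500 B/s, a ramp of ~1 KB/s per instance in
# steps of 10 instances per second up to 100, then 5 s at ~100 KB/s.
PER_SECOND = [500] * 5 + [1000 * n for n in range(10, 101, 10)] + [100_000] * 5
counter = 1_000_000
SAMPLES = [(0, snapshot(counter))]
for t, r in enumerate(PER_SECOND, start=1):
    counter += r
    SAMPLES.append((t, snapshot(counter)))

if __name__ == "__main__":
    print("alert at t =", first_alert(rates(SAMPLES), threshold=50_000))
```

On a live host the snapshots would come from reading `/proc/net/dev` at a fixed interval, with the threshold set from the server's measured baseline.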

Figure 1: Mitigation of DDoS Attack Traffic (Slurm)

Figure 2: Mitigation of DDoS Attack Traffic (FastNetMon)

Figure 3: Mitigation of DDoS Attack Traffic (top)

References List

Balyk, A., Karpinski, M., Naglik, A., Shangytbayeva, G., & Romanets, I. (2017). Using Graphic Network Simulator 3 for DDoS Attacks Simulation. International Journal of Computing, 219-225. http://www.computingonline.net/computing/article/view/910

Garg, S., & Sharma, R. M. (2017). Anatomy of botnet on application layer: Mechanism and mitigation. 2017 2nd International Conference for Convergence in Technology (I2CT). https://doi.org/10.1109/i2ct.2017.8226284

Hilferty, J. (n.d.). The Anatomy of a DDoS. Retrieved August 27, 2020, from https://www.usenix.org/sites/default/files/conference/protected-files/lisa19_slides_hilferty.pdf

Hong, K., Kim, Y., Choi, H., & Park, J. (2018). SDN-Assisted Slow HTTP DDoS Attack Defense Method. IEEE Communications Letters, 22(4), 688-691. https://doi.org/10.1109/lcomm.2017.2766636

Mohd, T. K., Majumdar, S., Mathur, A., & Javaid, A. Y. (2018, November 1). Simulation and Analysis of DDoS Attack on Connected Autonomous Vehicular Network using OMNET++. IEEE Xplore. https://doi.org/10.1109/UEMCON.2018.8796717

Singh, K., Singh, P., & Kumar, K. (2017). Impact analysis of application layer DDoS attacks on web services: a simulation study. International Journal of Intelligent Engineering Informatics, 5(1), 80. https://doi.org/10.1504/ijiei.2017.082564

Wei, W., Song, H., Wang, H., & Fan, X. (2017). Research and Simulation of Queue Management Algorithms in Ad Hoc Networks Under DDoS Attack. IEEE Access, 5, 27810-27817. https://doi.org/10.1109/ACCESS.2017.2681684

Xu, Y., & Liu, Y. (2016, April 1). DDoS attack detection under SDN context. IEEE Xplore. https://doi.org/10.1109/INFOCOM.2016.7524500
