Scribd
Upload
32 views

Mekelle University: Mekelle Institute of Technology

This document proposes testing denial of service (DoS) attacks on web services. It introduces DoS attacks and why testing for vulnerabilities is important. The objectives are to test for vulnerabilities caused by DoS attacks and check if packets are spoofed. The methodology includes setting up testing environments using tools like Kali Linux, Scapy, LOIC and Wireshark. The timeline allocates 2 weeks for setup and 2 weeks for testing to identify DoS attacks. The goal is to provide early warnings and prepare preventative mechanisms.

Uploaded by

zinabuhaddis16
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
32 views

Mekelle University: Mekelle Institute of Technology

This document proposes testing denial of service (DoS) attacks on web services. It introduces DoS attacks and why testing for vulnerabilities is important. The objectives are to test for vulnerabilities caused by DoS attacks and check if packets are spoofed. The methodology includes setting up testing environments using tools like Kali Linux, Scapy, LOIC and Wireshark. The timeline allocates 2 weeks for setup and 2 weeks for testing to identify DoS attacks. The goal is to provide early warnings and prepare preventative mechanisms.

Uploaded by

zinabuhaddis16
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 5

Testing Denial of Service (DoS) Attack on Web Service

MEKELLE UNIVERSITY
Mekelle Institute of Technology
Department of Computer Science and Engineering

Testing Denial of Service (Dos) Attack on

Web Service

Proposed By:
Name: ID: Dep.t:
Niyat Hagos Mit/0108/06 Cse
Haftom Abraha Mit/0062/06 Cse
Filimon Haile Mit/0039/06 Cse
Haile Tekulu Mit/0068/06 Cse
Submitted to:

Mr.Mearg

1
Testing Denial of Service (DoS) Attack on Web Service

Introduction
In present time attackers, hackers and other international cyber terrorists have
become large problems for users of computer systems connected to the internet.
Those attackers use different methods to hack and attack the specified network
resource.one of those attacks is Denial of service (Dos) attack which is an attack
with the purpose of preventing legitimate users from using a specified network
resource such as a web site, webserver, or computer system [1].this attack is
coordinated attack on the service or network that is implemented indirectly through
many automatic and complex computing system. Those compromised systems help
for the attackers to make a more difficult disruptive attack on the network and get a
larger wage from the victim service. Related to that with increased number of users
of internet and individual networks the DoS attack is also increased. On the other
hand the requirement of an effective system to detect these attacks is increase time
to time.so our system works similar activities to detect and test those attack in the
network.

Problem statement
The impact of Dos attack is widely spread and growing rapidly by causing troubles
in the web service and also by decreasing the performance of the service used
(opening files or accessing site) by individual internet users and different companies
in the world.so that there is a need to test the web services every time to have reliable
service and to be more secure from these attacks unless if they are not tested carefully
and effectively every victim get a huge challenge to save its resource, to set
preventative mechanisms and to use its service efficiently. Furthermore forgetting to
make testing mechanism in web services of any company leads to increase cost
expenses, to be hacked to loss productivity etc. which may
be done by their system developers (lack of honesty) or other external hackers which
make some vulnerability in the system.so these and other problems motivated us to
propose a system that identify (test) the vulnerability occur on web services by DoS
attacks.

Research question
The DoS attack attacks the network by penetrating security networks and other
preventative mechanisms to steal an information and disrupt users.so there is a need

2
Testing Denial of Service (DoS) Attack on Web Service

to avoid and prevent those attackers from the network in order to have a smooth and
reliable service.so

How can we test the vulnerabilities occur on the web service by DoS attacks?

How can we detect weather the attacker is spoofed the packets transferred on the
network?

Hypothesis
and identified using multiple
tool sets by manipulating packets to scan a network and to make penetration testing
in order to find a less vulnerable service attack and check the packets if they are
spoofed or not in the network. The tools that we use mainly for the testing are kali
Linux, Scapy, LOIC and wire shark for effective and easy work.

Literature review
Protection against DoS and ddos attacks highly depends on the model of the
network and the type attack taken place on networking area. So to solve this
attacking problems several mechanisms are proposed before. However most of them
have weakness and fail under certain scenarios.as an example let as see some of the
existing mechanisms against DoS attacks.

Protocol reordering and protocol enhancement methods make security protocols


more robust and less vulnerable to resource consumption attacks [2]. Another
mechanism is the Deterministic packet marking (DPM) that uses to identify dos
attacks [3].this mechanism depends on the routing information encapsulated in the
packet header by the routers in the network. However the size of the ip packet is
increased as the size of the ip header increase linearly with number of hops traversed
that causes a complex process in the network. So that compared to the above
proposed systems our proposed system is more reliable and effective in testing and
identifying those attacks.

3
Testing Denial of Service (DoS) Attack on Web Service

Objective
The main purpose of this proposal is to test the occurred by DoS
attack in web services and other internet users which provides an early message to
prepare (set) a preventative mechanisms and check their service in the
network.

Methodology
To implement the proposed system the following main tasks will be done:

Setup the work environment to make the testing activities


Here we use a Virtual box software used to install available linux and
windows operating systems for the attacker (Ubuntu client 16.04) and
server victim (Ubuntu server 16.04).
We install multiple tools for manipulating packets which can be used
to effectively scan the network and used for dos attacks. Done by
creating any type of packet with a needed characteristics that can take
down a host or network.

Kali Linux (os)


Scapy
LOIC
Wire shark
After preparing the working environment we start to test and identify the DoS
attacks on the specified network with help of the tools we install.

Project Timeline

2 week to set up the working environment (installing tools)


2 week for doing the main tasks of testing and identifying DoS attacks

4
Testing Denial of Service (DoS) Attack on Web Service

The brief timeline schedule looks as follows (tabular)

Milestone Time schedule


Submit first draft of project proposal March 22,2017
Present project proposal March 29-31,2017
Submit final draft of project proposal April 07,2017
Set up working environment April 10-17,2017
Testing process April 20-May 04,2017
Submit project progress report May 17,2017
Submit final project report June 07,2017
Present project June 06-10,2017

References
[1].D.karig and R.Lee, Remote Denial of Service Attacks and Countermeasures. Princeton, NJ:
Princeton University Department of Electrical Engineering Technical Report CE-L2001-002, Oct
2001, P. 17.

[2]. K.Matsuura, and H.Imai, Protection of Authenticated Key-Agreement Protocol against a


Denial-of-Service Attack. Minato-ku, Tokyo: University of Tokyo Roppongi. July 2001, P. 4.

[3].Blog.qualys.com, Identifying slow http attack vuln on web , 2011.


[Online].Available:
https://blog.qualys.com/securitylabs/2011/07/07/identifying-slow-http-attack-vulneralities-
onweb-applications. [Accessed: 15-Mar-2017]

You might also like