
GROUP WORK: NETWORK SECURITY AND CRYPTOLOGY

The assignment requires students to conduct a simulated network attack, specifically a DDoS attack, using Kali Linux tools and to write a report detailing the attack, defense measures, and the importance of network security protocols. Students must follow specific submission guidelines and focus on various aspects of DDoS attacks, including simulation, detection, and prevention methods. The document also emphasizes the significance of network security protocols in protecting data integrity, confidentiality, and availability.

Uploaded by mwenyalightson7

ASSIGNMENT BRIEF AND FEEDBACK FORM

STUDENT No. 001 - 767


LECTURER: Mr. kazeze
MODULE: NETWORK Security and Cryptology
MODULE CODE: COM411
ASSIGNMENT NUMBER:
DATE HANDED OUT:
DATE DUE IN:
ASSIGNMENT BRIEF

QUESTION 6 (GROUP WORK).


Conduct a simulated network attack (e.g. DDoS, ARP spoofing, man-in-the-middle,
etc.) using tools such as Kali Linux, and write a 3-4 page report detailing the attack,
defence measures, and the importance of network security protocols.

STUDENT INSTRUCTIONS
1. This form must be attached to the front of your assignment.
2. The assignment must be handed in without fail by the submission date (see the assessment schedule for your course).
3. Ensure that the submission date is date stamped by the reception staff when you hand it in.
4. Late submission will not be entertained unless by prior agreement with the tutor.
5. All assessable assignments must be word processed.
This assignment is intended to assess the student's knowledge in all of the following areas.
However, greater emphasis should be given to those items marked with a tick.

(Tutor: please tick as applicable)


A. DDoS ATTACK

A distributed denial-of-service (DDoS) attack disrupts the operations of a server,
service or network by flooding it with unwanted Internet traffic. At their worst, these
attacks can knock a website or an entire network offline for extended periods of time.

1. How DDoS Attacks Work

DDoS attacks work by directing malicious traffic at a target from multiple computers.
Often these machines form a botnet: a group of devices that have been compromised
by malware and can be controlled by a single attacker. A DDoS attack may therefore
involve multiple attackers, or DDoS attack tools such as stress-testing applications
(e.g. LOIC) or low-and-slow tools (e.g. Slowloris). The main categories are:
a. Application-layer attacks (layer 7) overwhelm the target's server and application
resources with legitimate-seeming HTTP requests.
b. Protocol, or state-exhaustion, attacks overwhelm network equipment and
infrastructure using layer 3 or 4 protocols (e.g. ICMP floods, or TCP SYN floods that
fill up connection-state tables).
c. Volumetric attacks consume all of the available bandwidth, for example by
deploying a botnet or by abusing common networking protocols for amplification.
2. DDoS Attack Simulation
In this simulation we exploit the TCP three-way handshake to disrupt service and
network operations on a local server with the host address 192.168.1.159 (the same
target named in the hping3 command below), targeting port 80. The DDoS (TCP SYN
flood) was performed from Kali Linux using hping3, and identified on the wire with
the Wireshark protocol analyser.
3. TOOLS
 Hping3 is a network tool able to send custom ICMP/UDP/TCP packets and to
display target replies the way ping does with ICMP replies.
Using hping3, a TCP penetration-testing tool included in Kali Linux, the
command below was used to send a flood of SYN packets to the target
(192.168.1.159). The command line itself did not survive extraction; it is
reconstructed here from the options listed underneath it:

Command

hping3 -c 15000 -d 120 -S -w 64 -p 80 --flood --rand-source 192.168.1.159

o -c 15000: send 15000 packets, each carrying 120 bytes of data (-d 120)
o -S: set the SYN flag; -w 64: TCP window size of 64
o -p 80: direct the attack at the HTTP server port
o --flood: send the packets as fast as possible, without waiting for replies
o --rand-source: generate spoofed source IP addresses to disguise the real source
and hinder detection. Because the sources are forged, the victim's SYN/ACK reply
packets never reach the attacker, so each half-open connection sits in the
victim's queue until it times out
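Why the flood works is easier to see on the victim's side than on the attacker's. The following is an added example (not code from the original report or from hping3) that models only the listener's half-open connection queue: a spoofed SYN gets a SYN/ACK and an entry in the queue, but the forged source never sends the final ACK, so the entry stays until it times out. The backlog size, timeout, attack rate and the client address 192.168.1.50 are assumptions chosen for the simulation.

```python
"""Simulated TCP listener under a SYN flood (added example).

Models only the half-open queue of a listening socket on the victim:
step 1 (SYN in), step 2 (SYN/ACK out, entry queued) and step 3 (ACK in,
entry promoted). Spoofed SYNs never complete step 3, so their entries
occupy the queue until they time out. Backlog size, timeout and the
addresses used are assumptions for the simulation, not measured values.
"""
from dataclasses import dataclass, field


@dataclass
class Listener:
    backlog: int               # max half-open entries the kernel keeps
    syn_timeout: float         # seconds before a half-open entry is discarded
    half_open: dict = field(default_factory=dict)  # (src_ip, src_port) -> time SYN seen
    established: int = 0
    dropped_syns: int = 0

    def _expire(self, now: float) -> None:
        stale = [k for k, seen in self.half_open.items() if now - seen >= self.syn_timeout]
        for k in stale:
            del self.half_open[k]

    def on_syn(self, src_ip: str, src_port: int, now: float) -> bool:
        """Step 1. Returns True if a SYN/ACK is sent (entry queued), False if dropped."""
        self._expire(now)
        key = (src_ip, src_port)
        if key in self.half_open:
            return True                       # retransmitted SYN, already queued
        if len(self.half_open) >= self.backlog:
            self.dropped_syns += 1            # queue full: new SYN silently dropped
            return False
        self.half_open[key] = now
        return True

    def on_ack(self, src_ip: str, src_port: int, now: float) -> bool:
        """Step 3. Only a real client that received the SYN/ACK can send this."""
        self._expire(now)
        key = (src_ip, src_port)
        if key not in self.half_open:
            return False
        del self.half_open[key]
        self.established += 1
        return True


def simulate(backlog: int = 128, attack_syns: int = 1000,
             syn_timeout: float = 30.0, client_delay: float = 0.0) -> dict:
    """Flood the listener with spoofed SYNs at ~1000/s, then let one real client
    (assumed address 192.168.1.50) try to connect client_delay seconds later."""
    victim = Listener(backlog=backlog, syn_timeout=syn_timeout)
    t = 0.0
    for i in range(attack_syns):
        # --rand-source: every SYN carries a different forged source address, so
        # the victim's SYN/ACK goes to a host that never answers.
        spoofed = f"10.{(i >> 16) & 255}.{(i >> 8) & 255}.{i & 255}"
        victim.on_syn(spoofed, 40000 + (i % 1000), t)
        t += 0.001
    t += client_delay
    got_synack = victim.on_syn("192.168.1.50", 51234, t)
    connected = got_synack and victim.on_ack("192.168.1.50", 51234, t + 0.01)
    return {
        "half_open": len(victim.half_open),
        "dropped_syns": victim.dropped_syns,
        "legit_connected": connected,
    }


if __name__ == "__main__":
    print("during flood:", simulate())
    print("after entries expire:", simulate(client_delay=60.0))
```

With the defaults the legitimate client is refused while the queue is full (its SYN is dropped along with the surplus attack SYNs); once the half-open entries expire the same client connects on the first try. This is also why the attack has to keep sending: a SYN flood only denies service for as long as spoofed entries arrive faster than the timeout clears them.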
 Wireshark
Wireshark is the most widely used network protocol analyser, allowing network
activity to be examined in great detail. It is the de facto standard, and in many
cases the official standard, across industries and educational institutions.
The capture was filtered on port 80 so as to monitor only the traffic to the HTTP server.

DETECTING A SYN FLOOD ATTACK WITH WIRESHARK

Wireshark was used to confirm that the attack was taking effect.

In the capture there is a high volume of SYN packets with very little variance in
inter-arrival time. Each SYN packet comes from a different source IP address, is
addressed to destination port 80 (HTTP), and has the identical length (120 bytes of
data) and window size (64) set on the hping3 command line; uniform sizes like this are
a signature of tool-generated traffic rather than of real clients.
Filtering with tcp.flags.syn==1 and tcp.flags.ack==1 shows that the number of SYN/ACK
replies is small relative to the number of SYNs: a sign of a TCP SYN flood. (Where the
capture is taken matters: with spoofed sources the victim's SYN/ACKs are sent to the
forged addresses, so they are only visible on the victim or on a link it shares, never
on the attacker's own interface.)

The Protocol Hierarchy statistics also show an unusually high share of TCP packets,
and Wireshark's I/O graph shows a massive spike in overall packets from near 0 to about
2400 packets per second.

Taken together, these metrics point to a SYN flood DDoS attack.
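The same indicators the Wireshark analysis reads off screenshots (SYN rate, SYN to SYN/ACK ratio, number of distinct sources, uniform length and window) can be computed from an exported capture. The block below is an added example, not code from the original report: it builds a small constructed packet list standing in for a CSV export of the capture (three normal handshakes from an assumed client 192.168.1.50, plus spoofed-source SYNs shaped like the hping3 traffic) and scores it. The thresholds are assumptions to be tuned per network.

```python
"""SYN-flood indicators computed over a packet list (added example).

The packets are a constructed stand-in for a capture exported from
Wireshark (e.g. as CSV): one dict per TCP packet with the fields the
report reasons about. Thresholds below are assumptions to be tuned per
network, not values from the original report.
"""
from collections import Counter

VICTIM = "192.168.1.159"   # target from the report
PORT = 80


def build_sample_capture(n_attack: int = 300) -> list:
    """Constructed capture: 3 normal handshakes from 192.168.1.50 plus
    n_attack spoofed-source SYNs of length 120 / window 64 at ~1000 pkt/s."""
    pkts = []
    for k in range(3):
        t, sport = 0.05 * k, 50000 + k
        pkts.append(dict(time=t, src="192.168.1.50", dst=VICTIM, sport=sport,
                         dport=PORT, flags="S", length=74, window=64240))
        pkts.append(dict(time=t + 0.001, src=VICTIM, dst="192.168.1.50", sport=PORT,
                         dport=sport, flags="SA", length=74, window=65160))
        pkts.append(dict(time=t + 0.002, src="192.168.1.50", dst=VICTIM, sport=sport,
                         dport=PORT, flags="A", length=66, window=64240))
    for i in range(n_attack):
        spoofed = f"10.{(i >> 16) & 255}.{(i >> 8) & 255}.{i & 255}"   # --rand-source
        pkts.append(dict(time=0.001 * i, src=spoofed, dst=VICTIM, sport=1024 + i,
                         dport=PORT, flags="S", length=120, window=64))
    pkts.sort(key=lambda p: p["time"])
    return pkts


def syn_flood_indicators(pkts: list, dst: str = VICTIM, dport: int = PORT,
                         bucket: float = 1.0) -> dict:
    """The metrics the Wireshark analysis looked at, computed programmatically."""
    syns = [p for p in pkts if p["dst"] == dst and p["dport"] == dport and p["flags"] == "S"]
    # SYN/ACK replies are sent *by* the victim, from the service port.
    synacks = [p for p in pkts if p["src"] == dst and p["sport"] == dport and p["flags"] == "SA"]
    per_bucket = Counter(int(p["time"] // bucket) for p in syns)

    def mode_share(key):
        return Counter(p[key] for p in syns).most_common(1)[0][1] / len(syns) if syns else 0.0

    return {
        "syn_count": len(syns),
        "synack_count": len(synacks),
        "synack_ratio": len(synacks) / len(syns) if syns else 1.0,
        "distinct_sources": len({p["src"] for p in syns}),
        "peak_syn_rate": max(per_bucket.values(), default=0) / bucket,
        "length_mode_share": mode_share("length"),   # 1.0 = every SYN has the same size
        "window_mode_share": mode_share("window"),
    }


def syn_flood_reasons(ind: dict, min_rate: float = 100.0, max_synack_ratio: float = 0.5,
                      min_sources: int = 50, uniformity: float = 0.9) -> list:
    """Returns the indicators that fired; an empty list means no flood detected."""
    reasons = []
    if ind["peak_syn_rate"] >= min_rate:
        reasons.append(f"SYN rate {ind['peak_syn_rate']:.0f}/s")
    if ind["syn_count"] and ind["synack_ratio"] <= max_synack_ratio:
        reasons.append(f"SYN/ACK ratio {ind['synack_ratio']:.2f}")
    if ind["distinct_sources"] >= min_sources:
        reasons.append(f"{ind['distinct_sources']} distinct sources")
    # Uniform sizes only mean something once there are enough SYNs to compare.
    if (ind["syn_count"] >= min_sources and ind["length_mode_share"] >= uniformity
            and ind["window_mode_share"] >= uniformity):
        reasons.append("uniform length/window (tool-generated)")
    return reasons


if __name__ == "__main__":
    ind = syn_flood_indicators(build_sample_capture())
    print(ind)
    print("flood indicators:", syn_flood_reasons(ind) or "none")
```

On the constructed capture all four indicators fire; with the attack traffic removed (build_sample_capture(n_attack=0)) the SYN/ACK ratio is 1.0 and nothing fires. The SYN/ACK ratio is only meaningful when the capture point sees the victim's replies, as noted above.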

B. DEFENCE MEASURES AGAINST DDoS ATTACKS

DDoS Prevention Methods

 Attack surface reduction: limiting exposure can minimise the effect of a DDoS
attack. Several methods of reducing exposure include:
o Restricting traffic to specific locations
o Implementing load balancing, in hardware or software: distributing traffic
across multiple servers can prevent a DDoS attack from overwhelming a single
server or resource
o Blocking communication on outdated or unused ports, protocols and
applications
 Anycast network diffusion increases the surface area of an organisation's
network so that it can absorb volumetric traffic spikes and prevent outages by
dispersing the load across multiple distributed servers.
 Real-time threat monitoring: log audits can pinpoint potential threats by
analysing traffic patterns, spikes and unusual activity, and defences can then
adapt to block anomalous requests, protocols and IP blocks.
 Caching: using a Content Delivery Network (CDN) to absorb traffic spikes and
distribute requests across its network can mitigate DDoS impact.
 Rate limiting on APIs and services restricts the number of requests a client
can make in a given time.

DDoS Prevention Tools

o Web Application Firewall (WAF): helps prevent application-layer attacks by
inspecting, filtering and blocking HTTP traffic between web applications and the
Internet. A security policy can be implemented to control traffic from specific
locations and IP addresses.
o Always-on threat protection that absorbs volumetric attacks upstream, before
the traffic reaches the organisation's own links.
o Network segmentation: creating VLANs, VPNs and firewall boundaries limits how
far a DoS attack can spread and contains its impact. A zero-trust
micro-segmentation approach goes further; the BYOS reference argues that
device-level, device-cloaking firewalling external to the operating system is
the most reliable form of DoS protection.
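Of the measures above, rate limiting is the one most often implemented in application code. The block below is an added example, not code from the original report or from any product it mentions: a sliding-window limiter per client key with a temporary block after repeated violations, replayed over a constructed request log (an abusive client at 100 requests/s and a normal one). The limits, ban length and addresses are assumed values. This layer-7 measure only helps where the client key is trustworthy (a real TCP peer address or an authenticated user); it does nothing against the spoofed-source SYN flood simulated earlier, which never reaches layer 7.

```python
"""Per-client request rate limiting with a temporary block (added example).

A sliding-window counter per client key, plus a block applied after
repeated violations. Limits, ban length and the request log are assumed
values, not figures from the original report.
"""
from collections import Counter, defaultdict, deque


class RateLimiter:
    def __init__(self, limit: int, window_s: float, ban_after: int, ban_s: float):
        self.limit, self.window_s = limit, window_s       # e.g. 10 requests per 1 s
        self.ban_after, self.ban_s = ban_after, ban_s     # block after N violations
        self.hits = defaultdict(deque)    # key -> timestamps of accepted requests
        self.strikes = defaultdict(int)   # key -> violations since the last ban
        self.banned = {}                  # key -> time the ban expires

    def allow(self, key: str, now: float) -> tuple:
        """Returns (allowed, decision) for one request from `key` at time `now`."""
        if key in self.banned:
            if now < self.banned[key]:
                return False, "banned"
            del self.banned[key]              # ban expired
        window = self.hits[key]
        while window and now - window[0] >= self.window_s:
            window.popleft()                  # slide the window forward
        if len(window) >= self.limit:
            self.strikes[key] += 1
            if self.strikes[key] >= self.ban_after:
                self.banned[key] = now + self.ban_s
                self.strikes[key] = 0
                return False, "banned"
            return False, "rate_limited"
        window.append(now)
        return True, "ok"


def build_request_log() -> list:
    """Constructed access log: one abusive client at 100 req/s, one normal client."""
    log = [(0.01 * i, "203.0.113.7", "/api/search") for i in range(50)]
    log += [(0.2 * k, "192.168.1.50", "/api/search") for k in range(5)]
    return sorted(log)


def replay(log: list, limiter: RateLimiter) -> dict:
    """Run the log through the limiter; returns per-client decision counts."""
    outcome = defaultdict(Counter)
    for t, client, _path in log:
        _, decision = limiter.allow(client, t)
        outcome[client][decision] += 1
    return {c: dict(v) for c, v in outcome.items()}


if __name__ == "__main__":
    limiter = RateLimiter(limit=10, window_s=1.0, ban_after=20, ban_s=60.0)
    print(replay(build_request_log(), limiter))
```

With a limit of 10 requests per second and a block after 20 violations, the abusive client gets 10 requests through, is rate limited on the next 19, and is blocked outright from the 30th request onward, while the normal client is never touched. Behind a reverse proxy or CDN the key must be the proxy-supplied client address, not the proxy's own, or every client shares one bucket.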

C. Importance of Network Security Protocols

Network security protocols are essential for protecting data integrity, confidentiality
and availability in a networked environment.
 Data protection: security protocols encrypt data in transit, ensuring that sensitive
information remains confidential and is protected from eavesdroppers.
 Authentication: protocols such as TLS (with certificates) and Kerberos authenticate
users and devices, helping to ensure that only authorised entities can access network
resources.
 Integrity assurance: these protocols verify that data has not been altered in
transmission, which prevents tampering and ensures the data's authenticity.
 Compliance and regulation: implementing security protocols helps organisations
comply with laws such as GDPR and HIPAA.
 Defence against attacks: protocols are designed to protect against threats such as
man-in-the-middle attacks, replay attacks and unauthorised access.
REFERENCES
 Cloudflare. How to prevent DDoS attacks | Methods and tools. Available at:
https://www.cloudflare.com/learning/ddos/how-to-prevent-ddos-attacks/ [Accessed 26 October 2024]
 BYOS. Denial-of-Service (DoS) Attack Prevention: The Definitive Guide. Available at:
https://www.byos.io/blog/denial-of-service-attack-prevention [Accessed 26 October 2024]
 Firewall.cx. How to Perform TCP SYN Flood DoS Attack & Detect it with Wireshark - Kali Linux hping3. Available at:
https://www.firewall.cx/tools-tips-reviews/network-protocol-analyzers/performing-tcp-syn-flood-attack-and-detecting-it-with-wireshark.html [Accessed 26 October 2024]
