(IMS2013004)
Dr. Abhishek Vaish
(IMS2013041)
Abhinav Nautiyal
Kompal Gulati
Problem Definition
Application DDoS attacks have been among the most
Objective
To analyze the DDoS tools on the basis of their
Introduction
What is a Denial of Service attack?
Using up resources and / or bandwidth of a server in a malicious way to
reassembly
UDP Flooding
Bots
fork() bomb
Intentionally generate errors to fill logs, consuming disk space,
crashing.
The power switch.
Against networks
UDP bombing
TCP SYN flooding
Ping of death
Smurf attack
Tools Analysed
LOIC (Low Orbit Ion Cannon)
LOIC is an open-source DoS tool that was used by the well-known hacker group Anonymous.
The tool is highly scalable and can be used to perform DDoS attacks, as different users
can join in via IRC (Internet Relay Chat). It has a GUI-based dashboard, which makes it
easy for beginners to use. It is generally used for TCP, UDP and HTTP flooding.
HOIC (High Orbit Ion Cannon)
HOIC is an advanced version of LOIC and is used by the hacker group Anonymous. It floods
the target by sending a large number of HTTP requests. It adds the ability to upload
scripts called boosters, which can be customized for the target. The tool also lets the
user control the speed of the attack in three modes: high, medium and low.
HULK (HTTP Unbearable Load King)
HULK is another well-known tool for performing DDoS attacks. It is unique in that each
packet is crafted as a unique request, which helps it bypass caching engines and stay
undetected.
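A defender-side view of the HULK behaviour described above, as an added example that is not part of the original slides: a client whose requests within one minute are numerous and almost all distinct URLs stands out in an access log. The log format, the thresholds and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Common Log Format: client, two ignored fields, [timestamp], "METHOD target PROTO"
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[A-Z]+ (\S+) [^"]*"')

def build_sample():
    """Constructed access-log lines (documentation IP ranges), not real traffic."""
    lines = []
    for i in range(30):
        # Client A: every request carries a different query string (cache-busting)
        lines.append(f'203.0.113.9 - - [29/Oct/2013:10:15:{i:02d} +0000] '
                     f'"GET /?{i * 7919:x}={i * 104729:x} HTTP/1.1" 200 512')
        # Client B: equally busy, but keeps asking for the same three URLs
        lines.append(f'198.51.100.4 - - [29/Oct/2013:10:15:{i:02d} +0000] '
                     f'"GET /index.html?page={i % 3} HTTP/1.1" 200 512')
    # Client C: unique URLs, but far too few requests to matter
    lines.append('192.0.2.7 - - [29/Oct/2013:10:15:05 +0000] "GET /a?x=1 HTTP/1.1" 200 512')
    lines.append('192.0.2.7 - - [29/Oct/2013:10:15:09 +0000] "GET /b?y=2 HTTP/1.1" 200 512')
    lines.append('truncated or malformed line')
    return lines

def find_cache_busters(lines, min_requests=20, min_unique_ratio=0.9):
    """Return (ip, minute, requests, unique_ratio) for noisy all-unique clients."""
    total = defaultdict(int)
    targets = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, ts, target = m.groups()
        key = (ip, ts[:17])  # bucket per client per minute: "29/Oct/2013:10:15"
        total[key] += 1
        targets[key].add(target)
    flagged = []
    for (ip, minute), n in total.items():
        ratio = len(targets[(ip, minute)]) / n
        # Both conditions are needed: volume alone flags popular clients,
        # uniqueness alone flags anyone who browsed two different pages.
        if n >= min_requests and ratio >= min_unique_ratio:
            flagged.append((ip, minute, n, round(ratio, 2)))
    return sorted(flagged)

if __name__ == "__main__":
    for hit in find_cache_busters(build_sample()):
        print(hit)
```

Legitimate crawlers can also request many distinct URLs, so a hit from this check is a lead to correlate with other signals rather than a verdict.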
Handshake: Initially, a handshake is performed between two systems to establish a connection for the
exchange of information. During this handshake, a log of IP addresses is maintained, which keeps track of all
the activity of the client's IP. This log helps in tracing malicious IP addresses.
GUI Interface: GUI stands for Graphical User Interface, which allows the user to interact with the
tool. It is an advantage for naive users, as it doesn't require a high level of expertise to operate the tool
and launch attacks.
Spoofed IP: This property provides anonymity, i.e. it helps the attacker launch
attacks while keeping their identity hidden.
Valid Packet Content: This describes the authenticity of the content of the packets that are sent during the
attack by the attacker.
Customizable Packet Rate: This is the built-in feature by which the attacker can control the rate of
packets sent during the attack.
This parameter describes the type of attack, that is, the type of flooding performed at the
application layer.
Request-Flooding Attacks
HTTP GET Request: The client sends requested data packet to the server in form of
HTTP Slow Read: The attacker forces the targeted server to forward a large
(1).
We will analyze the tools on different attack vectors and assign them:
Zero - If the attack vector does not exist in the tool.
One - If the attack vector exists in the tool.
We will then calculate the mean.
Results
For LOIC:
P = (X2+X3+X71)/7 = (1+1+1)/7 = 0.43
For HULK:
P = (X2+X71)/7 = (1+1)/7 = 0.28
For HOIC:
P = (X1+X2+X3+X5+X6+X71)/7 = (1+1+1+1+1+1)/7 = 0.86
For Torshammer:
P = (X2+X4+X5+X71+X72+X73)/7 = (1+1+1+1+1+1)/7 = 0.86
Conclusion
Application DDoS attacks are mostly non-volumetric and
References
[1] Monowar H. Bhuyan, H. J. Kashyap, D. K. Bhattacharyya and J. K. Kalita, Detecting
Distributed Denial of Service Attacks: Methods, Tools and Future Directions, The
Computer Journal, December 2012.
[3] Mohd. Jameel Hashmi, Manish Saxena, Dr. Rajesh Saini, Classification of DDoS
Attacks and their Defense Techniques using Intrusion Prevention System, International
Journal of Computer Science & Communication Networks, Vol 2(5), 607-614.
[10] Pavitra Shankdhar, DOS Attacks and free DOS Attacking Tools, Infosec Institute, 29
October 2013.