Name: Date:

Honor Pledge: I pledge that the only resources I used to complete this homework were the course textbook, the course slides, or my personal course notes. I did not confer with any other student, consult any solutions manuals, printed or on-line, nor did I do any Internet searches to solve any problems for this homework assignment. The solutions below are my own work.

Student Signature___________________

Cyber Security Fundamentals – CHAPTER 7 HOMEWORK
60 points total

7.A [15] In order to implement the classic DoS flood attack, the attacker must generate a sufficiently large volume of packets to exceed the capacity of the link to the target organization. Consider an attack using ICMP echo request (ping) packets that are 700 bytes in size (ignoring framing overhead). How many of these packets per second must the attacker send to flood a target organization using a 0.6-Mbps (Megabits per second) link? How many per second if the attacker uses a 3-Mbps link? Or a 100-Mbps link?

Solution:

7.B [15] Using a TCP SYN spoofing attack, the attacker aims to flood the table of TCP connection requests on a system so that it is unable to respond to legitimate connection requests. Consider a server system with a table for 512 connection requests. This system will retry sending the SYN-ACK packet five times when it fails to receive an ACK packet in response, at 30-second intervals, before purging the request from its table. Assume that no additional countermeasures are used against this attack and that the attacker has filled this table with an initial flood of connection requests. At what rate must the attacker continue to send TCP connection requests to this system in order to ensure that the table remains full? Assuming that the TCP SYN packet is 50 bytes in size (ignoring framing overhead), how much bandwidth does the attacker consume to continue this attack?

Solution:

7.C [20] Consider a distributed variant of the attack we explore in Problem 7.A. Assume the attacker has compromised a number of broadband-connected residential PCs to use as zombie systems. Also assume each such system has an average uplink capacity of 128 kbps. What is the maximum number of 700-byte ICMP echo request (ping) packets a single zombie PC can send per second? How many such zombie systems would the attacker need to flood a target organization using a 0.6-Mbps link? A 3-Mbps link? Or a 100-Mbps link? Given reports of botnets composed of many thousands of zombie systems, what can you conclude about their controller's ability to launch DDoS attacks on multiple such organizations simultaneously? Or on a major organization with multiple, much larger network links than we have considered in these problems?

Solution:

7.D [10] Assume a future where security countermeasures against malicious DoS attacks are much more widely implemented than at present. In this future network, antispoofing and directed broadcast filters are widely deployed. Also, the security of PCs and workstations is much greater, making the creation of botnets difficult. What do administrators of server systems still have to be concerned about with respect to network traffic beyond what their servers can normally handle? What types of events can still occur, and what measures can be taken to reduce their impact?

Solution:
