Network Security and DDoS Attack Countermeasures

Added on  2020/10/22

ICT 811

TABLE OF CONTENTS
TRACE 1
  HTTP Trace
  Sites visited
  We searched for
  List of IP addresses of sites visited
TRACE 2
  HTTPS Trace
  Certificate issuing authority
  Encryption algorithm
  Key and size of key used in encryption
  Expiration date and time on the issued certificate
  Complete cipher suite supported by browser
  Cipher suite supported by server
TRACE 3
  FTP Trace
  Login name and password used for connecting to FTP server
  Difference between active and passive FTP
  What files were downloaded. What is their download path and size?
TRACE 4
  Trace route tool
  IP addresses observed during trace routing between sender and receiver
TRACE 5
  POP3 Trace
  Login name and password used
  Email details
TRACES 6, 7, 8 & 9
  Networking attacks
  Target domain in network attacks
REFERENCES
TRACE 1
HTTP Trace
A packet analyser is any software or application that can be used to analyse the packets travelling over a network (Yan, Gong and Yu, 2017). Besides inspecting individual packets, it can also log the traffic passing over the network. There are various tools that can be used to analyse packets, but this report uses Wireshark because it offers specialised features such as per-packet statistics and helps in analysing the traffic over the network.
There are a few ways of capturing data, and some of these are discussed below:
Sites visited
URL: www.booktopia.com.au
We searched for
Ping results: The ping results of www.booktopia.com.au were as under:
This represents the name server mapping of www.booktopia.com.au. The status is OK and the root server glue IP is shown as 65.22.199.1.
List of IP addresses of sites visited
103.43.119.212
Trace 2
HTTPS Trace
After analysing the packets, the domain name that was resolved was www.booktopia.com.au. The DNS analysis of the same is represented as under:
This is the DNS traversal across the different name servers; each name server has a response time recorded against it. Every name server currently reports a healthy status, so the packets are being processed effectively.
Certificate issuing authority
A public key infrastructure (PKI) acts as the certificate issuing authority. It involves a variety of policies and frameworks that play an essential role in managing and handling all digital certificates along with public key encryption.
Encryption algorithm
Although there are a variety of algorithms that can be used for encryption, this website and IP use RSA, because it is considered one of the most effective public key encryption algorithms. In RSA, a public key is used to encrypt the information and a private key is held for whenever decryption has to be done (Afanasyev and et.al., 2013).
Key and size of key used in encryption
A public key has been used for encryption. Although public keys come in different sizes such as 128, 256 or 192 bits, the size of the public key used in encryption for this IP is 193 bits.
Expiration date and time on the issued certificate
The expiration date is given 10 years after the issue date of the certificate.
Complete cipher suite supported by browser
There are an enormous number of cipher suites supported by browsers, but the one being used by this IP address is AES CBC 256 bit. It is supported by the common browsers as well; well known and popular examples include Chrome and Mozilla, and the cipher suite of this website is compatible with both of these browsers. So customers can easily access the website www.booktopia.com.au.
Cipher suite supported by server
The cipher suites used by www.booktopia.com.au are those of Transport Layer Security (TLS) and Secure Sockets Layer (SSL). A cipher suite involves several algorithms: a bulk encryption algorithm, a key exchange algorithm and a message authentication code (MAC).
Trace 3
FTP Trace
The File Transfer Protocol is a standard network protocol that completes the sharing of files and information between a server and a client. Along with the exchange of information and files between client and server, it also provides access to the archive files of the software.
Login name and password used for connecting to FTP server
Connecting to an FTP server is quite similar to connecting to any website over the internet. The login name and password used while connecting to the FTP server (MediaFire) were as under:
IP of www.mediafire.com: 104.19.195.29
Login name: Mymedia123
Password: 12@453**12
Difference between active and passive FTP
The active and passive FTP connections in the trace are represented as below:
The IP address of MediaFire is 104.19.195.29 and is represented as below:
The transfer of data packets can be easily represented as below:
On pinging the IP address of the website, the number of data packets transferred and lost can easily be analysed in the command prompt.
On tracing the packets on this IP, the results were as under :
Packets can be analysed after capturing them in Wireshark. The source and destination IPs are clearly seen along with the specific protocol, together with the average time each packet takes while being sent or received.
Illustration 1: statistics of network signals on IP

There are two modes of FTP, active and passive. Passive FTP makes use of the PASV command. This is considered an effective command because it is classified as a more secure way of transferring information and data; here the information flow is controlled by the File Transfer Protocol itself rather than by the FTP server procedure. In active FTP some factors change, such as the IP and the user ID. By means of the text box provided, the whole file transfer session starts.
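As an added example (not from the original report), the following Python decodes the control-channel messages that set up the data connection in each FTP mode, making explicit which side opens the data connection in active (PORT) versus passive (PASV / 227 reply) mode; the addresses and session lines are constructed samples.

```python
import re

# Added example (not from the original report): decode the two FTP control messages
# that set up the data connection. Active mode: the client sends PORT h1,h2,h3,h4,p1,p2
# and the SERVER connects back to that address. Passive mode: the client sends PASV and
# the server answers "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)", after which the
# CLIENT opens the data connection. The port is p1 * 256 + p2. Addresses below are
# constructed sample values, not taken from the report's capture.

_TUPLE_RE = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def decode_hostport(text):
    """Decode the h1,h2,h3,h4,p1,p2 tuple shared by the PORT command and the 227 reply."""
    m = _TUPLE_RE.search(text)
    if m is None:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple in %r" % text)
    parts = [int(g) for g in m.groups()]
    if max(parts) > 255:
        raise ValueError("field out of range in %r" % text)
    h1, h2, h3, h4, p1, p2 = parts
    return "%d.%d.%d.%d" % (h1, h2, h3, h4), p1 * 256 + p2


def data_connection(control_client, control_server, line):
    """Classify one control-channel line. Returns a dict describing who will open the
    data connection and to where, or None for lines that do not set one up.
    peer_matches is False when the advertised address is not the control-connection
    peer; servers and firewalls following RFC 2577 guidance reject such requests."""
    if line.upper().startswith("PORT "):
        ip, port = decode_hostport(line)
        return {"mode": "active", "initiator": control_server, "target": (ip, port),
                "peer_matches": ip == control_client}
    if line.startswith("227 "):
        ip, port = decode_hostport(line)
        return {"mode": "passive", "initiator": control_client, "target": (ip, port),
                "peer_matches": ip == control_server}
    return None


def summarize_session(control_client, control_server, lines):
    """All data-connection set-ups seen in a list of control-channel lines."""
    results = [data_connection(control_client, control_server, ln) for ln in lines]
    return [r for r in results if r is not None]


# Constructed control-channel excerpt: one passive transfer, then one active transfer.
SAMPLE_CLIENT, SAMPLE_SERVER = "192.168.1.109", "104.19.195.29"
SAMPLE_LINES = [
    "USER anonymous",
    "PASV",
    "227 Entering Passive Mode (104,19,195,29,195,80).",
    "RETR setup.exe",
    "PORT 192,168,1,109,4,1",
    "200 PORT command successful.",
    "RETR readme.txt",
]
```

The practical consequence for a firewall is visible in the `initiator` field: in active mode the client side must accept an inbound connection on the advertised port, while in passive mode the server side must expose its passive port range.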
What files were downloaded. What is their download path and size?
The setup for media share was downloaded. The size of the file is 37.37 MB.
TRACE 4
Trace route tool
Trace route tools identify or monitor the path between a data source and a server. If there is any kind of error or issue along the transmission path, these tools bring it to notice so that it can be removed in time. When a data packet is transferred from one site to another, the tool shows the routing path, and it also describes the routers involved in the transmission. Trace routing tools measure protocol latencies and network connectivity. The target device from which the data packets start moving can be connected via LAN or the internet. Advanced trace route tools also resolve IP addresses to host names. They give statistics on the data packets lost during transmission and on the round trip time and its extreme values (Yan, Yu and et.al. 2016). Trace routes are not beneficial or useful unless at least two routers are used in the network. When the routing path is analysed by these tools, it is also easy to diagnose network failure issues. When data packets are sent, each router replies after passing the data on, which gives the routing path between source and destination. When it is difficult to communicate with the server, trace route tools still analyse the source and location of the error. Thus, these tools serve the following objectives:
They describe the entire routing path through which data travels.
They provide a complete description of the devices and routers located in the routing path.
Trace route tools also analyse the time taken during data transfer.
There are mainly three types of trace route programs (Gasti, Tsudik and et.al. 2013).
TCP trace route: It transmits the probes as TCP packets. These tools are most effective at getting through filtering devices such as firewalls; when data routing paths are blocked by firewalls, TCP trace routes can still trace the routing path effectively.
UDP trace route: Trace routing tools using UDP packets work with the TTL in the Internet Protocol header. To track the route, the UDP (User Datagram Protocol) packets are transmitted to a port value which is not valid. Thus the destination will not accept the packet and will return an ICMP destination unreachable message, while each intermediate router returns an ICMP time to live (time exceeded) message. This process is repeated with increasing TTL until the TTL is high enough to reach the target destination.
ICMP trace route: This tracing tool works in a similar manner to the UDP tool. In this type of trace route tool an Internet Control Message Protocol (ICMP) echo request is the probe. The hops generate reply messages in the form of ICMP time exceeded messages, and an ICMP echo reply is received from the final destination (Afanasyev, Mahadevan and et.al. 2013).
Limitations of trace route tools:
Trace routing tools find it difficult to trace asymmetric network paths. These tools also do not analyse interfaces; they give information only about IP addresses. The ICMP transmission results in a longer time delay than the actual delay caused by network traffic.
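As an added example, not part of the original report: a Python parser for the textual output of the Windows tracert command that produces the figures described above, per-hop loss and the minimum, average and maximum round trip time, and lists hops that never answered. The tracert output embedded in it is constructed sample data, not the capture from the report.

```python
import re
from statistics import mean

# Added example (not from the original report): parse Windows `tracert` text output and
# compute per-hop loss and min/avg/max RTT. Each hop line carries three probe results,
# each either "<1 ms", "N ms" or "*" (no reply before the timeout), then the responder.
# The output below is constructed sample data.
SAMPLE_TRACERT = """\
Tracing route to www.mediafire.com [104.19.195.29]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  192.168.1.1
  2    12 ms    11 ms    14 ms  109.29.44.3
  3     *        *        *     Request timed out.
  4    25 ms     *       28 ms  104.19.195.29

Trace complete.
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")
# One probe result, anchored at the current position so responder text is never consumed.
PROBE_RE = re.compile(r"\s*(?:(<?\d+)\s*ms|(\*))")


def parse_hop(line):
    """Return (ttl, rtts_ms, probes_sent, responder) for one hop line, else None."""
    m = HOP_RE.match(line)
    if not m:
        return None
    ttl, rest = int(m.group(1)), m.group(2)
    rtts, probes, pos = [], 0, 0
    while True:
        tok = PROBE_RE.match(rest, pos)
        if not tok:
            break
        probes += 1
        if tok.group(1):
            rtts.append(int(tok.group(1).lstrip("<")))  # "<1 ms" recorded as 1 ms
        pos = tok.end()
    return ttl, rtts, probes, rest[pos:].strip()


def hop_stats(text):
    """Per-hop statistics: loss percentage and min/avg/max RTT in milliseconds."""
    stats = []
    for line in text.splitlines():
        parsed = parse_hop(line)
        if parsed is None:
            continue
        ttl, rtts, probes, responder = parsed
        lost = probes - len(rtts)
        stats.append({
            "ttl": ttl,
            "responder": responder,
            "loss_pct": round(100.0 * lost / probes, 1) if probes else 100.0,
            "min_ms": min(rtts) if rtts else None,
            "avg_ms": round(mean(rtts), 2) if rtts else None,
            "max_ms": max(rtts) if rtts else None,
        })
    return stats


def silent_hops(stats):
    """TTLs that never answered: routers that drop or rate-limit ICMP time exceeded, or a
    filtering device in the path. The trace continues past them, so this is not a failure."""
    return [s["ttl"] for s in stats if s["loss_pct"] == 100.0]
```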
IP addresses observed during trace routing between sender and receiver
The IP addresses that were observed during the trace routing are as under:
Source: 192.168.1.109, 109.29.44.3
Destination: 104.19.195.29, 192.168.1.100
Trace 5
POP3 Trace
Login name and password used
Username : xyzpp@hostname.in
Password : 9O0PL7%^23
Email details
The account has received 5 emails.
1.
From: admin@aaa.com
Subject: network connectivity
To: A@aaa.com
Date: 2 July 2018
Dear sir,
I have received your complaint regarding the slow network connectivity. I have discussed it with the IT department of our organisation. They are working on troubleshooting the issues. They will update you soon. Till the problem is solved you can use the temporary Wi-Fi connections of the organisation.
For any queries, feel free to contact.
Thanks and regards
Admin (aaa organisation)
2.
From: hr@aaa.com
Subject: network security concern
To: IT@aaa.com
Date: 5 July 2018
Dear sir,
The systems of the HR department of our organisation are receiving malicious mails. These mails make the system hang and are affecting the routine working. They may also steal sensitive information. As this is a matter of the security of our organisation, I request you to kindly look into the matter. If antivirus, firewalls and other safety measures are not updated then kindly ensure the same at the earliest.
For any queries, feel free to contact.
Thanks and regards
HR (aaa organisation)
3.
From: accounts@aaa.com
Subject: Request for providing trace routing of our system
To: networking@aaa.com
Date: 6 July 2018
Dear sir,
For the last few days I have noticed that incentive related documents are being disclosed via the network system of the accounts department. It is important for us to identify the system and its admin who is involved in this illegal activity. So I request you to please conduct a trace routing of our systems which involves the transmission of such sensitive information. Hoping for your earliest response so that we can take the necessary actions against the guilty. Details are provided in the attachment.
For any queries, feel free to contact.
Thanks and regards
Accounts (XYZ organisation)
4.
From: sales@aaa.com
Subject: Request for Hardware and software
To: networking@aaa.com
Date: 6 July 2018
Dear sir,
Recently we have undergone a team expansion, so we have 5 more members who have joined our department. So we require the necessary hardware and software installations on systems. They will join our organisation within 5 days, so we request you to kindly ensure the same in the marketing department as per requirement.
For any queries, feel free to contact.
Thanks and regards
sales department (XYZ organisation)
5.
From: admin@aaa.com
Subject: Request for providing network security documentation for audit purpose
To: networking@aaa.com
Date: 8 July 2018
Dear sir,
You must be well aware regarding the annual inspection which is going to be held next week in the organisation. For the audit purpose all the documents need to be completed. So you are requested to prepare the statements for the network security measures installed in our organisation, and the emerging requirements of hardware and software. Kindly provide the report on time and with proper statistics of the previous quarter.
For any queries, feel free to contact.
Thanks and regards
admin (XYZ organisation)
TRACES 6, 7, 8 & 9
Networking attacks
Networking attacks are mechanisms which do not obey the network security rules and regulations and thus put the security and privacy of the network at risk. Usually, in networking attacks, the malicious data traffic is sent in a format that makes it very difficult to distinguish from the system's legitimate data traffic. The most vulnerable and dominating attacks are as below:
Reconnaissance: Before attacking any network the attackers first acquire complete knowledge of the network, its software and hardware and the networking topology. This knowledge is acquired by network scanning, which is known as reconnaissance. It is also one of the dominant security threats (Gont and Chown, 2016).
Denial of service (DOS) attack: In these attacks the attackers generate excessive network traffic so that network resources become inaccessible. The excessive generated traffic can crash the server as the router capacity is exceeded. It can directly attack a particular device or its memory usage. Some of the most common examples of DOS attacks are as follows:
The attackers use the 'ping' tool to push the size of an IP packet beyond its maximum size of 65536. These ping of death attacks crash the system.
For service denial, attackers also use the TCP SYN flood attack. In this type of networking attack the attackers repeatedly send spoofed data packets which seem to be valid and hence build up a queue (AbdAllah, Hassanein and Zulkernine, 2015). Due to this pending queue the host client continuously generates synchronisation requests (SYN requests) which are not acknowledged by the server with the ACK flag. This causes incomplete connections and hence service is denied.
Network attacks can exploit the IP protocol in such a way that when the fragmented IP packets are reassembled the system crashes. These types of network attack are known as teardrop attacks.
The smurf attacks are also one of the most damaging DOS attacks. These attacks generate spoofed ping messages (ICMP) to create high network traffic. This consumes more bandwidth and the remote system can easily be crashed by the attackers. ICMP is used by the system for detecting the availability of network devices, which is accomplished by pinging the required node; the end device gives a "reply" on receiving a PING message from the host.
Spoofing attacks: The attackers can modify the Domain Name Service (DNS) protocol cache. This DNS spoofing causes the DNS entries to be mapped in a shuffled order. In the same manner, to confuse the system so that a wrong MAC address is mapped to the desired IP address, network attackers spoof the Address Resolution Protocol (ARP). In IP spoofing attackers falsify the source address to gain network access; it causes heavy broadcast traffic on the network. When the network attack modifies the routing tables, it becomes possible for the attackers to redirect the network response to the destination of the spoofed address (Osanaiye, 2015).
SSH and HTTP tunnelling attacks: When an authorised network member gets past the firewall controls to transmit sensitive information to unauthorised members, such attacks are called HTTP tunnel attacks. Attackers can also connect to the network to initiate attacks; such tunnelling is known as SSH tunnelling.
Session hijacking attacks: These network attacks use session redirection and session fixation to hijack a valid session between the server and the user.
Attacks on networking equipment: Networking equipment and configurations such as routers are highly vulnerable to attacks due to insufficient care in setting passwords. Back doors of the system which are used for debugging and for recovering lost passwords are also at risk from network attackers (PITCH, UBIQUITY and et.al. 2015).
Target domain in network attacks:
The target domain of reconnaissance network attacks is every element of the network. They target the software, hardware and networking connections of the system.
Denial of service networking attacks cover a wide range of target domains. The main aim of these attacks is to generate high traffic in the network so that networking resources fail. Ping of death attacks target only the size of IP packets; their aim is just to modify the size of the target packet, and the overloaded IP packet size automatically crashes the system (Maheshwari, Krishna and Brahma, 2014).
For networking attacks which aim at stealing sensitive information, the IP address alone is not the major target domain. Rather, they focus on network security devices such as firewalls, passwords and back doors. Some attacks may also aim at entering the scope of the network by establishing their own connections within it. To achieve this they target only weak passwords or back doors. Back doors provide passwords when the network administrator forgets the password, so these are an easy target domain for attackers.
Network attacks which aim only at interrupting the availability of networking resources and devices make the Internet Control Message Protocol (ICMP) their target domain. When ICMP is the attackers' target domain, its transmission acknowledgements are modified by the attackers.
To make the system crash completely, the flow of data packets between server and user is also one of the most convenient target domains for network attackers (Khan, Gani and et.al. 2016). By generating excess data packets the system may hang due to overloading of routers, memory utilisation and other networking elements.
For network attacks like the TCP SYN flood attack, the SYN and ACK flags generated by the host and the client server are the major target domain. These targets are prevented from performing their required task, which crashes the system. For instance, the acknowledgement flag needs to be generated when the request flag SYN is provided by the host, but these SYN flags are easily targeted by attackers. They generate a great volume of invalid requests which stay pending in a queue so that SYN cannot be generated and transmitted, and hence when SYN is not generated the acknowledgement flags automatically do not come into the picture. This leads to the denial of service attack targeting the entire system to crash due to huge network traffic generation (Tan, Jamdagni and et.al. 2014).
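Added example, not from the original report: detection logic for the SYN flood described in the two passages above. It replays tcpdump-style records (constructed sample lines using documentation-range addresses) through the three-way handshake and counts, per service, the connections that received a SYN and a SYN-ACK but never the client's final ACK, the half-open backlog that the attack fills.

```python
import re
from collections import defaultdict

# Added example (not from the original report): track the TCP three-way handshake in
# tcpdump-style records and count half-open connections per listening service. A SYN
# flood appears as many pending handshakes on one service spread over many (often
# spoofed) source addresses, while a normal client completes with a final ACK.
# The log lines below are constructed sample data, not a real capture.
SAMPLE_LOG = """\
10:00:01.001 192.168.1.109.50001 > 192.0.2.10.80: Flags [S]
10:00:01.002 192.0.2.10.80 > 192.168.1.109.50001: Flags [S.]
10:00:01.003 192.168.1.109.50001 > 192.0.2.10.80: Flags [.]
10:00:02.000 198.51.100.11.40000 > 192.0.2.10.80: Flags [S]
10:00:02.001 192.0.2.10.80 > 198.51.100.11.40000: Flags [S.]
10:00:02.010 198.51.100.12.40000 > 192.0.2.10.80: Flags [S]
10:00:02.011 192.0.2.10.80 > 198.51.100.12.40000: Flags [S.]
10:00:02.020 198.51.100.13.40000 > 192.0.2.10.80: Flags [S]
10:00:02.021 192.0.2.10.80 > 198.51.100.13.40000: Flags [S.]
10:00:02.030 198.51.100.14.40000 > 192.0.2.10.80: Flags [S]
10:00:02.040 198.51.100.15.40000 > 192.0.2.10.80: Flags [S]
10:00:02.050 198.51.100.16.40000 > 192.0.2.10.80: Flags [S]
10:00:03.000 192.168.1.109.50002 > 192.0.2.10.80: Flags [S]
10:00:03.001 192.168.1.109.50002 > 192.0.2.10.80: Flags [R]
"""

LINE_RE = re.compile(
    r"^\S+ (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[([^\]]*)\]")


def handshake_state(log_text):
    """Replay the log; return {(client, cport, server, sport): state} for every
    connection still half-open, where state is "syn" or "synack"."""
    state = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        src, dst, flags = m.group(1), m.group(3), m.group(5)
        sport, dport = int(m.group(2)), int(m.group(4))
        fwd, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        if flags == "S":                       # client opens: half-open begins
            state[fwd] = "syn"
        elif flags == "S." and state.get(rev) == "syn":
            state[rev] = "synack"              # server replied; still waiting for ACK
        elif "R" in flags or "F" in flags:     # reset or close from either side ends it
            state.pop(fwd, None)
            state.pop(rev, None)
        elif flags == "." and state.get(fwd) == "synack":
            state.pop(fwd)                     # final ACK: handshake completed
    return state


def half_open_by_service(log_text):
    """{(server_ip, port): (half_open_count, distinct_sources)} for pending handshakes."""
    per_service = defaultdict(set)
    for client, cport, server, sport in handshake_state(log_text):
        per_service[(server, sport)].add((client, cport))
    return {svc: (len(peers), len({c for c, _ in peers}))
            for svc, peers in per_service.items()}


def flagged_services(log_text, threshold=5):
    """Services whose half-open backlog reaches the threshold: SYN flood suspects."""
    return sorted(svc for svc, (count, _) in half_open_by_service(log_text).items()
                  if count >= threshold)
```

A high count with an equally high number of distinct sources, each contributing a single never-completed SYN, is the signature of spoofed-source flooding, and is the condition under which SYN cookies or a shorter SYN-RECEIVED timeout protect the listener.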
REFERENCES
Books and Journals
AbdAllah, E.G., Hassanein, H.S. and Zulkernine, M., 2015. A survey of security attacks in information-centric networking. IEEE Communications Surveys & Tutorials, 17(3), pp. 1441-1454.
Afanasyev, A., Mahadevan, P., et al., 2013, May. Interest flooding attack and countermeasures in Named Data Networking. In IFIP Networking Conference, 2013 (pp. 1-9). IEEE.
Gasti, P., Tsudik, G., et al., 2013, July. DoS and DDoS in named data networking. In Computer Communications and Networks (ICCCN), 2013 22nd International Conference on (pp. 1-7). IEEE.
Gont, F. and Chown, T., 2016. Network Reconnaissance in IPv6 Networks (RFC 7707).
Khan, S., Gani, A., et al., 2016. Network forensics: Review, taxonomy, and open challenges. Journal of Network and Computer Applications, 66, pp. 214-235.
Maheshwari, R., Krishna, C.R. and Brahma, M.S., 2014, February. Defending network system against IP spoofing based distributed DoS attacks using DPHCF-RTT packet filtering technique. In Issues and Challenges in Intelligent Computing Techniques (ICICT), 2014 International Conference on (pp. 206-209). IEEE.
Osanaiye, O.A., 2015, February. Short Paper: IP spoofing detection for preventing DDoS attack in Cloud Computing. In Intelligence in Next Generation Networks (ICIN), 2015 18th International Conference on (pp. 139-141). IEEE.
PITCH, M.A., UBIQUITY, C.T., et al., 2015. Information security.
Ramesh, G., Krishnamurthi, I. and Kumar, K.S.S., 2014. An efficacious method for detecting phishing webpages through target domain identification. Decision Support Systems, 61, pp. 12-22.
Tan, Z., Jamdagni, A., et al., 2014. A system for denial-of-service attack detection based on multivariate correlation analysis. IEEE Transactions on Parallel and Distributed Systems, 25(2), pp. 447-456.
Yan, Q., Gong, Q. and Yu, F.R., 2017. Effective software-defined networking controller scheduling method to mitigate DDoS attacks. Electronics Letters, 53(7), pp. 469-471.
Yan, Q., Yu, F.R., et al., 2016. Software-defined networking (SDN) and distributed denial of service (DDoS) attacks in cloud computing environments: A survey, some research issues, and challenges. IEEE Communications Surveys & Tutorials, 18(1), pp. 602-622.