Ransom DDoS Attacks on VMware based cloud systems and possible counter measures
VerifiedAdded on 2023/06/04
|115
|22008
|154
AI Summary
This guide provides an in-depth understanding of Ransom DDoS Attacks on VMware based cloud systems and possible counter measures. It covers the challenges, SNORT based IDS, DDoS attacks in the cloud environment, and more. The guide also includes a research methodology, evaluation metrics, and test benches. Course code, course name, and college/university are not mentioned.
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
Ransom DDoS Attacks on VMware based cloud
systems & possible counter measures
systems & possible counter measures
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Table of Contents
1. Title.....................................................................................................................................................2
2. Background........................................................................................................................................2
2.1 DDoS Attack...................................................................................................................................2
2.2 SNORT based IDS.........................................................................................................................4
2.3 DDoS attacks in the cloud environment.......................................................................................8
2.4 Counter measures for DDoS attack............................................................................................10
3. Aim...................................................................................................................................................12
4. Objectives.........................................................................................................................................12
5. Research Question...........................................................................................................................12
6. Research Methodology....................................................................................................................13
7. Types of DDoS Attacks....................................................................................................................13
8. Ransom DDoS attacks.....................................................................................................................19
9. ESXi based Cloud Systems..............................................................................................................20
10. Ransom DDoS Attacks on VMware based cloud systems.........................................................21
11. Project Planning..........................................................................................................................29
12. Resources Required.....................................................................................................................36
13. DDoS attacks using Kali Linux and its Test Results.................................................................61
14. Deliverables..................................................................................................................................96
15. Conclusion....................................................................................................................................96
16. References....................................................................................................................................97
1
1. Title.....................................................................................................................................................2
2. Background........................................................................................................................................2
2.1 DDoS Attack...................................................................................................................................2
2.2 SNORT based IDS.........................................................................................................................4
2.3 DDoS attacks in the cloud environment.......................................................................................8
2.4 Counter measures for DDoS attack............................................................................................10
3. Aim...................................................................................................................................................12
4. Objectives.........................................................................................................................................12
5. Research Question...........................................................................................................................12
6. Research Methodology....................................................................................................................13
7. Types of DDoS Attacks....................................................................................................................13
8. Ransom DDoS attacks.....................................................................................................................19
9. ESXi based Cloud Systems..............................................................................................................20
10. Ransom DDoS Attacks on VMware based cloud systems.........................................................21
11. Project Planning..........................................................................................................................29
12. Resources Required.....................................................................................................................36
13. DDoS attacks using Kali Linux and its Test Results.................................................................61
14. Deliverables..................................................................................................................................96
15. Conclusion....................................................................................................................................96
16. References....................................................................................................................................97
1
1. Title
Ransom DDoS Attacks on VMware based cloud systems and possible counter measures
2. Background
2.1DDoS Attack
A DDoS attack is a short form of Distributed Denial of Service. It is a malicious attempt.
It overwhelms the target such as network, service or server with a flood of traffic. The network
consists of a compromised system. Due to this compromised systems, the traffic flow is
increased in the network. It indicates that there are multiple sources for traffic attack (Acharya
and Pradhan, 2017). DDoS attacks create attack traffic to prevent the regular traffic from arriving
at its destination. The DDoS attacks make the online services unavailable. DDoS attacks are used
to force the systems to stop performing its usual services. Various techniques are used for
performing DDoS attacks (Aguiar and Hessel, 2012). Usually, these attacks are compromising
some of the vulnerable systems and forcing them to act on a target (Aswariza, Perdana and
Negara, 2017). As a result, the attacked system will go to the hang state or shutdown state and it
will stop to perform its usual services.
Distributed Denial of service attack
A DDoS attack is a Cyber-attack. In this attack, the attacker prepares a network or
machine resource which performs the disturbance to the denial of services of the connected
systems into the internet (Alleged MPAA DDoS attacks spark retaliatory cyber-attacks, 2010). It
seems to be complex. It overcomes of cloud server by vaccinating the packet of malicious on a
cloud to quickly consume the critical resources (Bose and Sarddar, 2015).
2
Ransom DDoS Attacks on VMware based cloud systems and possible counter measures
2. Background
2.1DDoS Attack
A DDoS attack is a short form of Distributed Denial of Service. It is a malicious attempt.
It overwhelms the target such as network, service or server with a flood of traffic. The network
consists of a compromised system. Due to this compromised systems, the traffic flow is
increased in the network. It indicates that there are multiple sources for traffic attack (Acharya
and Pradhan, 2017). DDoS attacks create attack traffic to prevent the regular traffic from arriving
at its destination. The DDoS attacks make the online services unavailable. DDoS attacks are used
to force the systems to stop performing its usual services. Various techniques are used for
performing DDoS attacks (Aguiar and Hessel, 2012). Usually, these attacks are compromising
some of the vulnerable systems and forcing them to act on a target (Aswariza, Perdana and
Negara, 2017). As a result, the attacked system will go to the hang state or shutdown state and it
will stop to perform its usual services.
Distributed Denial of service attack
A DDoS attack is a Cyber-attack. In this attack, the attacker prepares a network or
machine resource which performs the disturbance to the denial of services of the connected
systems into the internet (Alleged MPAA DDoS attacks spark retaliatory cyber-attacks, 2010). It
seems to be complex. It overcomes of cloud server by vaccinating the packet of malicious on a
cloud to quickly consume the critical resources (Bose and Sarddar, 2015).
2
Challenges
The challenges are described below (Bugnion et al., 2012).
Server resources
If the DDoS attack happens, then the following properties of the server will get severely
attack. These properties are bandwidth, memory, and CPU. Also, the connection is opened until
the session has been expired (Chaolong, Hanning and Lili, 2016).
Open architecture
This tool is arranged by the machine attacker to perform flooding of attacks at a high rate.
The collaborative and open architecture of the internet is demoralized to contaminate the
internetworked devices and machines (GAO et al., 2012). The network for health is preserved if
the polluting machine is repaired and removed.
High speed
The parameters of the attack such as the number of nodes, strength of the attack, and
protocol are unpredictable when the attack is dispersed. (Grimes, 2005). The solution for
protection should be reactive high. So the block of traffic malicious is more in high-speed
networks.
Attack signatures
The attack signatures are used to preserve the list of distributed denial of services. The attack
signatures are mostly covered all the variants which are possible in the real-time (Guo et al.,
2015). The traffic depends on the behavior of the network which is targeted and also a different
way when setting up in another cloud network.
Denial of service
The Denial of service is also considered as the attack. The DoS attack contains the many
forms such as
1. Transmission control protocol SYN flood
2. TCP Dos mitigation strategy.
3
The challenges are described below (Bugnion et al., 2012).
Server resources
If the DDoS attack happens, then the following properties of the server will get severely
attack. These properties are bandwidth, memory, and CPU. Also, the connection is opened until
the session has been expired (Chaolong, Hanning and Lili, 2016).
Open architecture
This tool is arranged by the machine attacker to perform flooding of attacks at a high rate.
The collaborative and open architecture of the internet is demoralized to contaminate the
internetworked devices and machines (GAO et al., 2012). The network for health is preserved if
the polluting machine is repaired and removed.
High speed
The parameters of the attack such as the number of nodes, strength of the attack, and
protocol are unpredictable when the attack is dispersed. (Grimes, 2005). The solution for
protection should be reactive high. So the block of traffic malicious is more in high-speed
networks.
Attack signatures
The attack signatures are used to preserve the list of distributed denial of services. The attack
signatures are mostly covered all the variants which are possible in the real-time (Guo et al.,
2015). The traffic depends on the behavior of the network which is targeted and also a different
way when setting up in another cloud network.
Denial of service
The Denial of service is also considered as the attack. The DoS attack contains the many
forms such as
1. Transmission control protocol SYN flood
2. TCP Dos mitigation strategy.
3
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Transmission control protocol SYN flood
The Transmission control protocol SYN flood is found by internet global. The TCP is
used to transfer the file from source to destination. It provides a reliable order. The data must be
reliable which is sent by the user. The TCP is developed the remind internet which is a private
collection of security and computer. The transmission control protocol has some features. The
TCP is exploited to perform the denial of service attack. The flooding is based on the attacks and
other resource systems such as the Central Processing Unit (CPU).
TCP denial of service mitigation strategy
It is used in the firewall to limit the number of SYN packets regarding the Transmission
Control Protocol (TCP). The multiple hosts are frequently involved in the attack. That is called
distributed Dos. The many composite solutions are met with the success of the network host and
the end of the host. The network is based on the firewall proxies. It is used to forward the
connection request to the client side for getting acknowledgment which is received from the user.
2.2SNORT based IDS
SNORT based Intrusion Detection System can be designed to stop and study the DDoS attacks.
Snort
It is a signature-based intrusion detection system. It enables to monitor the network. It
examines all the traffic network to observe that whether the intrusion is present or not. It
implements the detection engine that enables responding, warning, and registering earlier defined
to some kind of attack. It is free and it is lower than Linux/GNU and Windows (Halton et al.,
2017). Snort is the most commonly used tool. It has the number of continuous updates and
predefined signature. Snort is having some basics component in its architecture (Kennedy, 2011).
A decoder is one of the components in Snort and that is responsible for creating the structure of
data to recognize the network protocols. And it has the preprocessor that enables the
functionality of a system to extend and also has the engine detection that examines the package
4
The Transmission control protocol SYN flood is found by internet global. The TCP is
used to transfer the file from source to destination. It provides a reliable order. The data must be
reliable which is sent by the user. The TCP is developed the remind internet which is a private
collection of security and computer. The transmission control protocol has some features. The
TCP is exploited to perform the denial of service attack. The flooding is based on the attacks and
other resource systems such as the Central Processing Unit (CPU).
TCP denial of service mitigation strategy
It is used in the firewall to limit the number of SYN packets regarding the Transmission
Control Protocol (TCP). The multiple hosts are frequently involved in the attack. That is called
distributed Dos. The many composite solutions are met with the success of the network host and
the end of the host. The network is based on the firewall proxies. It is used to forward the
connection request to the client side for getting acknowledgment which is received from the user.
2.2SNORT based IDS
SNORT based Intrusion Detection System can be designed to stop and study the DDoS attacks.
Snort
It is a signature-based intrusion detection system. It enables to monitor the network. It
examines all the traffic network to observe that whether the intrusion is present or not. It
implements the detection engine that enables responding, warning, and registering earlier defined
to some kind of attack. It is free and it is lower than Linux/GNU and Windows (Halton et al.,
2017). Snort is the most commonly used tool. It has the number of continuous updates and
predefined signature. Snort is having some basics component in its architecture (Kennedy, 2011).
A decoder is one of the components in Snort and that is responsible for creating the structure of
data to recognize the network protocols. And it has the preprocessor that enables the
functionality of a system to extend and also has the engine detection that examines the package
4
according to the signatures. The plugin detection in the snort enables the changes of the
functionality of engine detection and the signatures of the files where the well-known attacks are
distinct to the detection. The plugins of output are used for defining in where, how and what the
observant are saved. Finally, the capture of the module of the traffic that enables to capture all
the packages of the network is done. (Kandias and Gritzalis, 2013). For the case, the
representations of traffic HTTP improves the snort functionality repeatedly to generate the
pattern of the attacked data, and the network traffic models asset the events and it is looking for
irregularities of these events.
Intrusion Detection System
According to the National Institute of Standard and Technology (NIST), the IDS system
is the method of event monitoring. The events which happen in network or computer system are
monitored and also these are identified (Khawaja, 2018). The intrusion detection system is based
on two main types. They are anomaly-based intrusion detection system and signature-based
intrusion detection system. The anomaly-based IDS attempts to identify the apprehensive activity
on the computer system. At the first stage of the intrusion detection system, the system is trained
and the knowledge about what is reflected in legitimate and normal is obtained. (Marshall et al.,
2015). Afterward, the computer system will notify nearby apprehensive activity (Kim, Lee and
Jang, 2012). The user can identify the various techniques in detection which is used to define
what activities are in the normal stage (L. Pritchett, 2013). Both anomaly-based and signature-
based intrusion detection system has pros and cons.
The signature-based intrusion detection system examines the traffic network. The signatures are
collected with different elements. This will help to find the traffic (Liebowitz, Kusek and Spies,
2014). To define whether none of the traffic networks relates to the well-known signature, the
intrusion detection system used as a design appreciation method. The snort is used in IDS. It has
the following policies (Liu, n.d.). They are recorder network, network intrusion detection, snort,
and security network monitor.
5
functionality of engine detection and the signatures of the files where the well-known attacks are
distinct to the detection. The plugins of output are used for defining in where, how and what the
observant are saved. Finally, the capture of the module of the traffic that enables to capture all
the packages of the network is done. (Kandias and Gritzalis, 2013). For the case, the
representations of traffic HTTP improves the snort functionality repeatedly to generate the
pattern of the attacked data, and the network traffic models asset the events and it is looking for
irregularities of these events.
Intrusion Detection System
According to the National Institute of Standard and Technology (NIST), the IDS system
is the method of event monitoring. The events which happen in network or computer system are
monitored and also these are identified (Khawaja, 2018). The intrusion detection system is based
on two main types. They are anomaly-based intrusion detection system and signature-based
intrusion detection system. The anomaly-based IDS attempts to identify the apprehensive activity
on the computer system. At the first stage of the intrusion detection system, the system is trained
and the knowledge about what is reflected in legitimate and normal is obtained. (Marshall et al.,
2015). Afterward, the computer system will notify nearby apprehensive activity (Kim, Lee and
Jang, 2012). The user can identify the various techniques in detection which is used to define
what activities are in the normal stage (L. Pritchett, 2013). Both anomaly-based and signature-
based intrusion detection system has pros and cons.
The signature-based intrusion detection system examines the traffic network. The signatures are
collected with different elements. This will help to find the traffic (Liebowitz, Kusek and Spies,
2014). To define whether none of the traffic networks relates to the well-known signature, the
intrusion detection system used as a design appreciation method. The snort is used in IDS. It has
the following policies (Liu, n.d.). They are recorder network, network intrusion detection, snort,
and security network monitor.
5
Evaluation methodology
The resolution of the work examines the snort in the positions of presentation lower than
various hardware configurations. In DDoS attacks of managing TCP flooding, the assessment
has been agreed on a test refined using advanced and limited hardware (Lowe et al., 2013). In
this process, a simulation will be completed for background and attack traffic. The ability of
snort in detection and presentation is prominent under the different traffic loads in the unit of
time. The different traffic loads are evaluation metrics, test benches, and attack scenarios
(Marshall and Lowe, 2014).
Evaluation metrics
It is related straightly to the snort performance and the ability of detection with the
increasing time. The Metrics are described below briefly.
Packet rate in maximum
This metric is used to measure the ability of snort. It processes the traffic in a specific
hardware pattern. This is dignified with the maximum traffic in snort that can be examined and
handled. It started the snort to descent packets and also measured a benchmark. The metrics are
the implication. Because in every test bench, packets are produced within the constraint of
packet benchmark rate.
Resource availability
All the systems have finite resources. The attack DoS aims to override the finite
resources. So, that these resources are not existing in the legitimate users. The memory and CPU
exploitation of snort to the system resources in CPU exploitation of snort energies in first test
bench as 79%, the second test bench as 74% and the third test bench as 76%. From the above-
mentioned values, it is obtained that the snort is done better on a second test bench.
Throughput
A throughput specifies the UDP and ICMP packets' part loss in all the test benches. It can
be perceived that each time, the packet is 100% lost while the target server undergoes from DoS.
6
The resolution of the work examines the snort in the positions of presentation lower than
various hardware configurations. In DDoS attacks of managing TCP flooding, the assessment
has been agreed on a test refined using advanced and limited hardware (Lowe et al., 2013). In
this process, a simulation will be completed for background and attack traffic. The ability of
snort in detection and presentation is prominent under the different traffic loads in the unit of
time. The different traffic loads are evaluation metrics, test benches, and attack scenarios
(Marshall and Lowe, 2014).
Evaluation metrics
It is related straightly to the snort performance and the ability of detection with the
increasing time. The Metrics are described below briefly.
Packet rate in maximum
This metric is used to measure the ability of snort. It processes the traffic in a specific
hardware pattern. This is dignified with the maximum traffic in snort that can be examined and
handled. It started the snort to descent packets and also measured a benchmark. The metrics are
the implication. Because in every test bench, packets are produced within the constraint of
packet benchmark rate.
Resource availability
All the systems have finite resources. The attack DoS aims to override the finite
resources. So, that these resources are not existing in the legitimate users. The memory and CPU
exploitation of snort to the system resources in CPU exploitation of snort energies in first test
bench as 79%, the second test bench as 74% and the third test bench as 76%. From the above-
mentioned values, it is obtained that the snort is done better on a second test bench.
Throughput
A throughput specifies the UDP and ICMP packets' part loss in all the test benches. It can
be perceived that each time, the packet is 100% lost while the target server undergoes from DoS.
6
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Attack scenario
The Apache 2 web server have been arranged on the target server. The machine attacking
have been arranged to conduct TCP SYN packet flooding by using hping3 tool with the source in
random to option for IP addresses. This process has two scenarios. They are,
Attack scenario – 1
This scenario is used to performance analyzing of the snort. Then, in the unit of time, the
target server goes to unresponsive.
Attack scenario – 2
It is a mixed traffic and it has been agreed to send both backgrounds and attack traffic
and it is also examining the loss of packet legitimate in per unit of time. The snort performance
and the target packet and the ability in the detection of snort also been examined.
Test benches
In test benches, three tools have been chosen and it is containing the various hardware
structure. The NIDS displays the presentation as limited while the virtual platform is running as
specified in our test bench to encompass the actual environment and all four systems are
containing to lead the experiments. In test benches, a Linux operating system is the superior as
equaled to windows OS in positions of execution in snort. All the systems have been installed by
the Linux operating system. There are various tools present for test benches.
DDoS simulation attack tools
In this tool, Hping3 have been preferred due to its ability to make shaped TCP packets
that are generated. It is informal to simulate flooding TCP for the DDoS attack. The Hping3 tool
is permitted to control the number of packets per second, TCP session for a flag, source address
and destination address.
Generation tools for background traffic
The Hping3 tool and ostinato are used in the generation of background traffic. The loss of
packet rate in background traffic has been identified using the Wire Shark. In Order to examine
7
The Apache 2 web server have been arranged on the target server. The machine attacking
have been arranged to conduct TCP SYN packet flooding by using hping3 tool with the source in
random to option for IP addresses. This process has two scenarios. They are,
Attack scenario – 1
This scenario is used to performance analyzing of the snort. Then, in the unit of time, the
target server goes to unresponsive.
Attack scenario – 2
It is a mixed traffic and it has been agreed to send both backgrounds and attack traffic
and it is also examining the loss of packet legitimate in per unit of time. The snort performance
and the target packet and the ability in the detection of snort also been examined.
Test benches
In test benches, three tools have been chosen and it is containing the various hardware
structure. The NIDS displays the presentation as limited while the virtual platform is running as
specified in our test bench to encompass the actual environment and all four systems are
containing to lead the experiments. In test benches, a Linux operating system is the superior as
equaled to windows OS in positions of execution in snort. All the systems have been installed by
the Linux operating system. There are various tools present for test benches.
DDoS simulation attack tools
In this tool, Hping3 have been preferred due to its ability to make shaped TCP packets
that are generated. It is informal to simulate flooding TCP for the DDoS attack. The Hping3 tool
is permitted to control the number of packets per second, TCP session for a flag, source address
and destination address.
Generation tools for background traffic
The Hping3 tool and ostinato are used in the generation of background traffic. The loss of
packet rate in background traffic has been identified using the Wire Shark. In Order to examine
7
the snort performance with the traffic mix, the traffic legitimate must have other attacks than the
attack traffic. Hence, in the total traffic, 50% is used by the background traffic.
DoS verification tool
The Hping3 tool and the team viewer is used to confirm the DoS attack on the target
system. It replies to the legitimate clients. The ICMP echoes come from the legitimate clients.
The Hping3 tool is similar to the ping command.
2.3DDoS attacks in the cloud environment
Cloud computing is a combination of utilization of hardware and software. Over a
network, it provides services to the end users. The cloud computing consists of a set of virtual
machines. The physical components are simulated by these virtual machines and services are
provided to the end users. It is difficult to configure virtualization in cloud computing. The
structure of cloud computing consists of three service layers. They are IaaS (Infrastructure as a
Service), PaaS (Platform as a Service) and SaaS (Software as a Service). The service layer of
Infrastructure as a Service allows users to access storage, bandwidth, networks and physical
resources. The second service layer of Platform as a Service is built on the Infrastructure as a
Service layer and it allows the end users to access the databases and the operating systems. And
the last service layer is Software as a Service which is built on the Platform as a Service layer
and it allows the end users to access the software applications.
In the cloud computing environment, safety and reliability are the important things. The
users only have to pay what they are using in the cloud computing services. The cloud services
are distributed in nature. So, it can be sharable by billions of users. Because of this nature, the
cloud services have numerous security issues. In today world, Distributed Denial of Service
attacks is posing the largest threat to all the internet users and the cloud computing services. This
attack targets the cloud computing services and then lowers the ability of these services.
There are many attacks possible in cloud computing (Impact Evaluation of DDoS Attacks
on DNS Cache Server Using Queuing Model, 2013). They are browser level attacks, application-
level attacks, server level attacks, network-level attacks, and DDoS attacks. Various DDoS
8
attack traffic. Hence, in the total traffic, 50% is used by the background traffic.
DoS verification tool
The Hping3 tool and the team viewer is used to confirm the DoS attack on the target
system. It replies to the legitimate clients. The ICMP echoes come from the legitimate clients.
The Hping3 tool is similar to the ping command.
2.3DDoS attacks in the cloud environment
Cloud computing is a combination of utilization of hardware and software. Over a
network, it provides services to the end users. The cloud computing consists of a set of virtual
machines. The physical components are simulated by these virtual machines and services are
provided to the end users. It is difficult to configure virtualization in cloud computing. The
structure of cloud computing consists of three service layers. They are IaaS (Infrastructure as a
Service), PaaS (Platform as a Service) and SaaS (Software as a Service). The service layer of
Infrastructure as a Service allows users to access storage, bandwidth, networks and physical
resources. The second service layer of Platform as a Service is built on the Infrastructure as a
Service layer and it allows the end users to access the databases and the operating systems. And
the last service layer is Software as a Service which is built on the Platform as a Service layer
and it allows the end users to access the software applications.
In the cloud computing environment, safety and reliability are the important things. The
users only have to pay what they are using in the cloud computing services. The cloud services
are distributed in nature. So, it can be sharable by billions of users. Because of this nature, the
cloud services have numerous security issues. In today world, Distributed Denial of Service
attacks is posing the largest threat to all the internet users and the cloud computing services. This
attack targets the cloud computing services and then lowers the ability of these services.
There are many attacks possible in cloud computing (Impact Evaluation of DDoS Attacks
on DNS Cache Server Using Queuing Model, 2013). They are browser level attacks, application-
level attacks, server level attacks, network-level attacks, and DDoS attacks. Various DDoS
8
attacks disrupt the cloud environment. The followings are some of the DDoS attacks which
disrupt the cloud environment. Smurf attack, PING of death attack, IP Spoofing attack, Buffer
overflow attack, land attack, SYN flood attack, and Teardrop attack.
All these DDoS attacks on the cloud environment are based on both external and internal
type. In the IP spoofing attack, packet transmission between the cloud server and the end user are
intercepted. The headers of the packets are modified. The IP source field in the IP packet is
modified by entering either an unreachable IP address or a legitimate IP address. So, the server is
not able to complete the transaction to the unreachable IP address, which in turn affects resources
of the server. In the SYN flood attack, the number of SYN requests are sending to the server
from the attacker’s computer or from a compromised system in the network. The server sent
back the SYN-ACK request and wait for the ACK message from the computer. The attacker will
not send ACK message to the server and keep sending SYN requests. Because of that, the server
will not accept any legitimate SYN requests and it will be go done. This is known as ‘SYN flood
attack’. In the Smurf attack, the number of ICMP echo requests are sent to the target system.
These requests are spoofed. The source IP is replaced by the target IP address and the destination
IP address is replaced by the broadcast IP address. Because of this, the target system is flooded
with the broadcast addresses. The prevention of this attack is difficult. In a buffer overflow
attack, to take control over the advantage of buffer overflow vulnerability, the attacker sends an
executable code to the target system. As a result, the attacker controls the target system. In the
ping of Death attack, the attacker sends the larger size of the IP packets to the target system. The
target system is affected when handling the oversized IP packets. The cloud system and the
resources in the cloud system are affected by this. The land attack uses ‘Land.c’ program to send
the TCP SYN packets. This packet is forged. The source and destination fields have the same IP
address (IP address of the target). The target system will be crashed when it received this request.
The ‘Teardrop.c’ program is used for the Teardrop attack. This program sends the invalid
overlapping values in the TCP packet headers. As a result, in the re-assembly process, the target
system within a cloud system will be crashed.
9
disrupt the cloud environment. Smurf attack, PING of death attack, IP Spoofing attack, Buffer
overflow attack, land attack, SYN flood attack, and Teardrop attack.
All these DDoS attacks on the cloud environment are based on both external and internal
type. In the IP spoofing attack, packet transmission between the cloud server and the end user are
intercepted. The headers of the packets are modified. The IP source field in the IP packet is
modified by entering either an unreachable IP address or a legitimate IP address. So, the server is
not able to complete the transaction to the unreachable IP address, which in turn affects resources
of the server. In the SYN flood attack, the number of SYN requests are sending to the server
from the attacker’s computer or from a compromised system in the network. The server sent
back the SYN-ACK request and wait for the ACK message from the computer. The attacker will
not send ACK message to the server and keep sending SYN requests. Because of that, the server
will not accept any legitimate SYN requests and it will be go done. This is known as ‘SYN flood
attack’. In the Smurf attack, the number of ICMP echo requests are sent to the target system.
These requests are spoofed. The source IP is replaced by the target IP address and the destination
IP address is replaced by the broadcast IP address. Because of this, the target system is flooded
with the broadcast addresses. The prevention of this attack is difficult. In a buffer overflow
attack, to take control over the advantage of buffer overflow vulnerability, the attacker sends an
executable code to the target system. As a result, the attacker controls the target system. In the
ping of Death attack, the attacker sends the larger size of the IP packets to the target system. The
target system is affected when handling the oversized IP packets. The cloud system and the
resources in the cloud system are affected by this. The land attack uses ‘Land.c’ program to send
the TCP SYN packets. This packet is forged. The source and destination fields have the same IP
address (IP address of the target). The target system will be crashed when it received this request.
The ‘Teardrop.c’ program is used for the Teardrop attack. This program sends the invalid
overlapping values in the TCP packet headers. As a result, in the re-assembly process, the target
system within a cloud system will be crashed.
9
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
2.4Counter measures for DDoS attack
DDoS attack stands for Distributed Denial of Service attacks. Nowadays, this attack is
one of the major threats on the internet. This attack affects the online retailers and also affects the
functions of the online business. If this attack affects a website means, then the attack will be
easily distributed. It leads to the loss of important files in the network. It mostly attacks the
majorly used and famous websites. To prevent this, strong antivirus software needs to be used in
the system. Then the security needs to be upgraded in each and every time in the website. The
preventive measures need to be taken to prevent the website from the DDoS attack
(SearchSecurity, 2018). The first preventive measure is taken by using the Intrusion Prevention
System (IPS) along with the capability of DDoS detection. Then, another method to preventing
the network from the DDoS attack is making the network partnership with the ISP (Internet
Service Provider). It leads to the provision of clean and full bandwidth to the network. Because
ISPs are capable to give protection to their customers from the malicious attacks. It detects and
filters all the DDoS packets in the network. Therefore, the attack of DDoS is reduced.
DDoS attacks are based on the vulnerabilities in the protocols of the TCP/IP model. The
main goal of preventing the DDoS attack is to prevent the network from the damage. For this,
there are many schemes available. These schemes are needed to be deployed in the routers in the
network. It filters the unwanted packets (i.e. malicious packets) and sends only the legitimate
and wanted information in the form of the packet in the network. For this, four types of filtering
are used. They are Ingress and Egress filtering, hop-count packet filtering, router-based filtering
of the packet and the protocol for Source Address Validity Enforcement (SAVE).
The ingress filter filters the packet by considering the IP address. It checks the source
address of the traffic. This should be within the range of actual IP address. The ingress filter is
used to filter the incoming traffic of the local network. Then, the egress filter is used to filter the
traffic which is leaves from the network. The second filter is the router based packet filter. In
this method, information (or) data of the router is used (Us.norton.com, 2018). In this method,
based on the source and destination address, the valid packet which enters the network is
identified. If the incoming packets in the network are not matched with the source/destination
packets means, then the filter will filter those unmatched packets in the network. This helps to
10
DDoS attack stands for Distributed Denial of Service attacks. Nowadays, this attack is
one of the major threats on the internet. This attack affects the online retailers and also affects the
functions of the online business. If this attack affects a website means, then the attack will be
easily distributed. It leads to the loss of important files in the network. It mostly attacks the
majorly used and famous websites. To prevent this, strong antivirus software needs to be used in
the system. Then the security needs to be upgraded in each and every time in the website. The
preventive measures need to be taken to prevent the website from the DDoS attack
(SearchSecurity, 2018). The first preventive measure is taken by using the Intrusion Prevention
System (IPS) along with the capability of DDoS detection. Then, another method to preventing
the network from the DDoS attack is making the network partnership with the ISP (Internet
Service Provider). It leads to the provision of clean and full bandwidth to the network. Because
ISPs are capable to give protection to their customers from the malicious attacks. It detects and
filters all the DDoS packets in the network. Therefore, the attack of DDoS is reduced.
DDoS attacks are based on the vulnerabilities in the protocols of the TCP/IP model. The
main goal of preventing the DDoS attack is to prevent the network from the damage. For this,
there are many schemes available. These schemes are needed to be deployed in the routers in the
network. It filters the unwanted packets (i.e. malicious packets) and sends only the legitimate
and wanted information in the form of the packet in the network. For this, four types of filtering
are used. They are Ingress and Egress filtering, hop-count packet filtering, router-based filtering
of the packet and the protocol for Source Address Validity Enforcement (SAVE).
The ingress filter filters the packet by considering the IP address. It checks the source
address of the traffic. This should be within the range of actual IP address. The ingress filter is
used to filter the incoming traffic of the local network. Then, the egress filter is used to filter the
traffic which is leaves from the network. The second filter is the router based packet filter. In
this method, information (or) data of the router is used (Us.norton.com, 2018). In this method,
based on the source and destination address, the valid packet which enters the network is
identified. If the incoming packets in the network are not matched with the source/destination
packets means, then the filter will filter those unmatched packets in the network. This helps to
10
prevent the DDoS attacks from hackers. The third filter is the Hop Count Filtering (HCF) in the
packet. The hop count is defined as the difference value which is obtained from the initial value
and observed value of TTL. TTL stands for Time To Live. It indicates the duration of the
packet. The TTL value needs to be the same in the network in HCF. If the observed TTL value
differs from the initial TTL value means, then it will be confirmed that there is some attack
happens in the packet of information. This TTL value indicates the hop count. Based on this
hop count table in the router, the network filters the attacked packets to prevent the network.
The fourth one is the Source Address Validity Environment (SAVE) protocol. This SAVE
protocol allows the packets from the correct source addresses. In the network, the routers are
available. In these routers, the intermediate routers have some table. This table is consisting of
the valid incoming source addresses in the network. If any packets enter into the network means,
it should across this router then only it reaches the destination. At the time of entering, the
routers check the address of the incoming packet. If the address is not valid (i.e. the incoming
packet address is not available in the router table) means, then the router will not allow the
packet into the network. These all are done by the SAVE protocol in the network.
The preventive measures of DDoS attack include the detection of the DDoS attack in the
network. While detecting these attack, the monitoring and the investigating of the system needs
to be carried out in the network. This detection is of two types. They are high rate DDoS
detection and the low rate DDoS detection. The high rate DDoS attacks stop the services to the
users in the network. The low rate DDoS attacks cause the loss of packets by the process of
bursting in the network. Its effect is low when compared to the high rate DDoS attack. The high
rate DDoS attacks are detected by the high rate DoS attack techniques of detection. It is further
divided into two types. They are signature-based detection and anomaly-based detection (Anon,
2018). The signature-based detection process involves in the finding of the unique patterns in
the attacks of DoS. It is totally different from the actual pattern. By differentiating this pattern,
the unique patterns are stored in the database. These patterns are used to find the malicious
activities which are occurring in the network. The second type is the anomaly-based detection
type. This is further classified into two main parts. They are effective parameters, identification
to create similarity measures. Here, the parameters indicate the length of the IP Packet, rate, etc.
Then the second part in the anomaly based detection is the calculation of similarity. It is
calculated from the profile of predefined traffic and the new traffic in the network. These are
11
packet. The hop count is defined as the difference value which is obtained from the initial value
and observed value of TTL. TTL stands for Time To Live. It indicates the duration of the
packet. The TTL value needs to be the same in the network in HCF. If the observed TTL value
differs from the initial TTL value means, then it will be confirmed that there is some attack
happens in the packet of information. This TTL value indicates the hop count. Based on this
hop count table in the router, the network filters the attacked packets to prevent the network.
The fourth one is the Source Address Validity Environment (SAVE) protocol. This SAVE
protocol allows the packets from the correct source addresses. In the network, the routers are
available. In these routers, the intermediate routers have some table. This table is consisting of
the valid incoming source addresses in the network. If any packets enter into the network means,
it should across this router then only it reaches the destination. At the time of entering, the
routers check the address of the incoming packet. If the address is not valid (i.e. the incoming
packet address is not available in the router table) means, then the router will not allow the
packet into the network. These all are done by the SAVE protocol in the network.
The preventive measures of DDoS attack include the detection of the DDoS attack in the
network. While detecting these attack, the monitoring and the investigating of the system needs
to be carried out in the network. This detection is of two types. They are high rate DDoS
detection and the low rate DDoS detection. The high rate DDoS attacks stop the services to the
users in the network. The low rate DDoS attacks cause the loss of packets by the process of
bursting in the network. Its effect is low when compared to the high rate DDoS attack. The high
rate DDoS attacks are detected by the high rate DoS attack techniques of detection. It is further
divided into two types. They are signature-based detection and anomaly-based detection (Anon,
2018). The signature-based detection process involves in the finding of the unique patterns in
the attacks of DoS. It is totally different from the actual pattern. By differentiating this pattern,
the unique patterns are stored in the database. These patterns are used to find the malicious
activities which are occurring in the network. The second type is the anomaly-based detection
type. This is further classified into two main parts. They are effective parameters, identification
to create similarity measures. Here, the parameters indicate the length of the IP Packet, rate, etc.
Then the second part in the anomaly based detection is the calculation of similarity. It is
calculated from the profile of predefined traffic and the new traffic in the network. These are
11
calculated by the statistical methods. Then, the similarities are measured by some tests like the
chi-square test and the Kolmogorov – Smirnov test in the network. This attack is detected when
the difference value between the two profiles exceeds than the given threshold (Anon, 2018).
The DDoS attack is identified by the tracing process. It is named as identification of the
attack source. It has three types. They are, Active Interaction is conducted for IP traceback,
traceback schemes for IP, and hash-based Traceback of IP.
3. Aim
The Aim of the research work is to research & investigate the Ransom DDoS Attacks on
VMware based cloud systems & possible counter measures.
4. Objectives
The objectives of this projects are listed below.
To research various types of DDoS attacks.
To investigate Ransom DDoS attack in detail.
To analyze VMware based infrastructure products and services.
To research & investigate VMware based cloud setup.
To design and implement the Ransom DDoS attacks on cloud-based systems.
To implement the counter measures against the Ransom DDoS attacks.
5. Research Question
How the VMware based cloud systems can be secured against various types of Ransom
DDoS attacks and how the security procedures can be tested in a practical lab setup?
12
chi-square test and the Kolmogorov – Smirnov test in the network. This attack is detected when
the difference value between the two profiles exceeds than the given threshold (Anon, 2018).
The DDoS attack is identified by the tracing process. It is named as identification of the
attack source. It has three types. They are, Active Interaction is conducted for IP traceback,
traceback schemes for IP, and hash-based Traceback of IP.
3. Aim
The Aim of the research work is to research & investigate the Ransom DDoS Attacks on
VMware based cloud systems & possible counter measures.
4. Objectives
The objectives of this projects are listed below.
To research various types of DDoS attacks.
To investigate Ransom DDoS attack in detail.
To analyze VMware based infrastructure products and services.
To research & investigate VMware based cloud setup.
To design and implement the Ransom DDoS attacks on cloud-based systems.
To implement the counter measures against the Ransom DDoS attacks.
5. Research Question
How the VMware based cloud systems can be secured against various types of Ransom
DDoS attacks and how the security procedures can be tested in a practical lab setup?
12
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
6. Research Methodology
Most of the research will be based on secondary research methodology. In-depth literature
survey will be done on all the related areas of the subject area (Albany.edu, 2018). Various types
of DDoS attacks, Ransom DDoS attack in detail, VMware based infrastructure products and
services, VMware based cloud setup, Ransom DDoS attacks on cloud-based systems and the
countermeasures for the Ransom DDoS attacks will be researched and investigated in the
literature review.
The Primary methodology will be used in the second half of the research work. A lab setup
will be done to test the countermeasures and the results will be tabulated. Trail version of ESXi
6.5 infrastructure will be set up and ESXi infrastructure will be managed by a vCenter server
setup. Kali Linux will be used to generate DDoS attacks. Windows client systems will be used to
check the performance degradation of the affected servers. Most of the reach work is qualitative.
Ransom DDoS methodology
The distributed denial of service ransom attack is most powerful one. These ransom
attacks could be done in two ways by the attacker. One is the cyber criminals can launch the
DDoS attack on any organization site for picking the bit coin. Otherwise they infect the machines
and make a demand for unlike the files. The DDoS attacks are using the smoke screens for the
ransomware. The main aim of this DDoS attack is seldom to cripple a website. The ransomware
DDoS attack takes few minutes for attacking the firewall and intrusion detection system. The
attackers are extorting the money using this ransom DDoS attack. For making the attack it used
some methodology. Initially the victim could be identified. After that the bulk of DDoS threats
for creating the attack by demanding the ransom. The ransom attack create the reputation for the
company. And then the botnet methodology is used to carrying out the DDoS attacks. Here the
Research is made regarding the Ransom DDoS attacks on ESXi server. The various attacks are
executed against the server.
13
Most of the research will be based on secondary research methodology. In-depth literature
survey will be done on all the related areas of the subject area (Albany.edu, 2018). Various types
of DDoS attacks, Ransom DDoS attack in detail, VMware based infrastructure products and
services, VMware based cloud setup, Ransom DDoS attacks on cloud-based systems and the
countermeasures for the Ransom DDoS attacks will be researched and investigated in the
literature review.
The Primary methodology will be used in the second half of the research work. A lab setup
will be done to test the countermeasures and the results will be tabulated. Trail version of ESXi
6.5 infrastructure will be set up and ESXi infrastructure will be managed by a vCenter server
setup. Kali Linux will be used to generate DDoS attacks. Windows client systems will be used to
check the performance degradation of the affected servers. Most of the reach work is qualitative.
Ransom DDoS methodology
The distributed denial of service ransom attack is most powerful one. These ransom
attacks could be done in two ways by the attacker. One is the cyber criminals can launch the
DDoS attack on any organization site for picking the bit coin. Otherwise they infect the machines
and make a demand for unlike the files. The DDoS attacks are using the smoke screens for the
ransomware. The main aim of this DDoS attack is seldom to cripple a website. The ransomware
DDoS attack takes few minutes for attacking the firewall and intrusion detection system. The
attackers are extorting the money using this ransom DDoS attack. For making the attack it used
some methodology. Initially the victim could be identified. After that the bulk of DDoS threats
for creating the attack by demanding the ransom. The ransom attack create the reputation for the
company. And then the botnet methodology is used to carrying out the DDoS attacks. Here the
Research is made regarding the Ransom DDoS attacks on ESXi server. The various attacks are
executed against the server.
13
Penetration testing methodology
For penetration testing, we have used some methods. First one is reconnaissance phase.
In this the information’s are need to be known about the target environment and system
characteristics. Then the second one is the vulnerability scanning. We have made the DDoS
attack on ESXi server. So the vulnerability scanning is the essential one. Through this we can
find the open ports and running web services. After that, the exploitation will be done. It mainly
target the vulnerabilities. Here the Kali Linux provides lot of exploitation tools. And the
privilege escalation is the fourth step in the penetration testing. Privilege is main obstacles for the
attackers. Because the attackers should be privileged for obtaining the access for critical data.
The fifth one is maintaining the access. Final method is reporting. The six methods are listed
below.
Reconnaissance Phase
Vulnerability scanning
Exploitation
Privilege Escalation
Maintaining Access
Rerporting
DDoS attacks on ESXi server
EtherApe
Metasploit
Slowloris
LOIC (Low Orbit Ion Canon)
THC-SSL-DoS
GoldenEye
Pyloris
Hping3
Hping3
Hping3 is a network tool used send the multiple TCP/ IP packets to the target server. And
it displayed the results. It is extremely powerful tool. And it handles arbitrary packets and
14
For penetration testing, we have used some methods. First one is reconnaissance phase.
In this the information’s are need to be known about the target environment and system
characteristics. Then the second one is the vulnerability scanning. We have made the DDoS
attack on ESXi server. So the vulnerability scanning is the essential one. Through this we can
find the open ports and running web services. After that, the exploitation will be done. It mainly
target the vulnerabilities. Here the Kali Linux provides lot of exploitation tools. And the
privilege escalation is the fourth step in the penetration testing. Privilege is main obstacles for the
attackers. Because the attackers should be privileged for obtaining the access for critical data.
The fifth one is maintaining the access. Final method is reporting. The six methods are listed
below.
Reconnaissance Phase
Vulnerability scanning
Exploitation
Privilege Escalation
Maintaining Access
Rerporting
DDoS attacks on ESXi server
EtherApe
Metasploit
Slowloris
LOIC (Low Orbit Ion Canon)
THC-SSL-DoS
GoldenEye
Pyloris
Hping3
Hping3
Hping3 is a network tool used send the multiple TCP/ IP packets to the target server. And
it displayed the results. It is extremely powerful tool. And it handles arbitrary packets and
14
fragmentation. Also used to transfer the encapsulated packets by the supporting protocols. And
this is a kind of DDoS attacking tool. And it is used to firewall testing and advanced port
scanning. By using Hping3 we cans end various packets to the ESXi server. By repeating process
the server gets hang. So the ransom attack will happen on ESXi server.
Methodologies for implementing the Hping3
Initially the hping3 flood will be executed with the IP address of the corresponding server
host.
The command is hping3 -S --flood -V <<IP range>>.
It will send the repeating TCP/IP packets to the server.
The server gets hang and displayed the target replies.
Ping flood attack
Ping flood attack is also called an ICMP flood attack which is used by the attackers to
produce the traffic in the networks. These attacks are executed using the ICMP echo packet
requests by making the target inaccessible. These attacks are done by producing more traffics
from different devices. So the attacks will change into the DDOS attack. Where DDOS means
distributed denial of service attack and ICMP means internet control message protocol.
Methodology of ping flood attack
The ICMP is the kind of internet protocol and it is used for communicating the different
networking devices. Using this ICMP there are different networking diagnostic tools are used for
diagnosing the network. Among the different tools, the ping and traceroute are the important
diagnostic tools. The ping flood attack is done using the echo reply and echo request. It is done
by means of networking diagnosis between the sender and the device. The packets are attacked
during the echo request (incoming message) and echo reply (outgoing message) in the ICMP
protocol. The distributed denial of service forms a ping in the internet control message protocol
and below steps keep on repeating them.
The repeating steps are
15
this is a kind of DDoS attacking tool. And it is used to firewall testing and advanced port
scanning. By using Hping3 we cans end various packets to the ESXi server. By repeating process
the server gets hang. So the ransom attack will happen on ESXi server.
Methodologies for implementing the Hping3
Initially the hping3 flood will be executed with the IP address of the corresponding server
host.
The command is hping3 -S --flood -V <<IP range>>.
It will send the repeating TCP/IP packets to the server.
The server gets hang and displayed the target replies.
Ping flood attack
Ping flood attack is also called an ICMP flood attack which is used by the attackers to
produce the traffic in the networks. These attacks are executed using the ICMP echo packet
requests by making the target inaccessible. These attacks are done by producing more traffics
from different devices. So the attacks will change into the DDOS attack. Where DDOS means
distributed denial of service attack and ICMP means internet control message protocol.
Methodology of ping flood attack
The ICMP is the kind of internet protocol and it is used for communicating the different
networking devices. Using this ICMP there are different networking diagnostic tools are used for
diagnosing the network. Among the different tools, the ping and traceroute are the important
diagnostic tools. The ping flood attack is done using the echo reply and echo request. It is done
by means of networking diagnosis between the sender and the device. The packets are attacked
during the echo request (incoming message) and echo reply (outgoing message) in the ICMP
protocol. The distributed denial of service forms a ping in the internet control message protocol
and below steps keep on repeating them.
The repeating steps are
15
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
1. Attacker uses the ICMP packet for echo request operation through the server for attacking
multiple devices in the same network.
2. The requested devices are again getting the reply from the targeted server.
The representation of the ping flood attack. It shows the attacker attacks by means of bot
through the ICMP echo request and ICMP echo reply for attacking the targeted server. If the
different users are connected in the same network then it is very easy for the attacker to do ping
flood attack. These attacks are like the loops and it can keep on repeat the same process until the
condition gets over. These are the different steps happening in the ping flood attack.
Design
Logical topology of ESXi server
16
multiple devices in the same network.
2. The requested devices are again getting the reply from the targeted server.
The representation of the ping flood attack. It shows the attacker attacks by means of bot
through the ICMP echo request and ICMP echo reply for attacking the targeted server. If the
different users are connected in the same network then it is very easy for the attacker to do ping
flood attack. These attacks are like the loops and it can keep on repeat the same process until the
condition gets over. These are the different steps happening in the ping flood attack.
Design
Logical topology of ESXi server
16
17
7. Types of DDoS Attacks
Different types of DDoS attacks are existing in the present IT world (Ha, 2016). Various
types of DDoS attacks are there. They are ACK Attack, Amplified DNS attack, Excessive verb -
single session, Excessive verb, Fraggle attack, Fake session attack, ICMP Flood, HTTP
Fragmentation, Mirai Botnet Attack, Memcached attack, IP Null attack, PING Flood, Recursive
18
Different types of DDoS attacks are existing in the present IT world (Ha, 2016). Various
types of DDoS attacks are there. They are ACK Attack, Amplified DNS attack, Excessive verb -
single session, Excessive verb, Fraggle attack, Fake session attack, ICMP Flood, HTTP
Fragmentation, Mirai Botnet Attack, Memcached attack, IP Null attack, PING Flood, Recursive
18
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
GET, RST Flood, FIN Flood, Slow session attack, Slow read attack, Smurf attack, SYN Flood,
SYN-ACK Flood, TCP Null, TOS Flood, UDP Flood, and Volumetric Attack.
Generally the DDoS attack had some types. They are described below.
Volume based attacks
Protocol based attacks
Application layer attacks
Volume based attacks
The volumetric attack is used to make the huge amount of traffic against the target. For
making the attack, it uses the amplification techniques. The examples are UDP flood, TCP flood
and DNS amplification. This attack block the access to the end source. This attack is measured
in bits.
Protocol based attacks
This attack is happened by exploiting a weakness in layer 3 and layer 4. The examples
are SYN flood, ping of death. It consumes the capacity of the target process.
Application attacks
It is happened by exploiting the weakness in layer 7. It is a most sophisticated attack. It
first make the connection with the target. Then attack the server by the transactions and
monopolizing processes. The examples are HTTP flood and dns services attacks.
19
SYN-ACK Flood, TCP Null, TOS Flood, UDP Flood, and Volumetric Attack.
Generally the DDoS attack had some types. They are described below.
Volume based attacks
Protocol based attacks
Application layer attacks
Volume based attacks
The volumetric attack is used to make the huge amount of traffic against the target. For
making the attack, it uses the amplification techniques. The examples are UDP flood, TCP flood
and DNS amplification. This attack block the access to the end source. This attack is measured
in bits.
Protocol based attacks
This attack is happened by exploiting a weakness in layer 3 and layer 4. The examples
are SYN flood, ping of death. It consumes the capacity of the target process.
Application attacks
It is happened by exploiting the weakness in layer 7. It is a most sophisticated attack. It
first make the connection with the target. Then attack the server by the transactions and
monopolizing processes. The examples are HTTP flood and dns services attacks.
19
20
ACK Attack:
This is one of the types of DDoS attacks. It is used to disrupt the activities of the network.
It is done by saturating resources and bandwidth (Hatua, 2014). The ACK packets are
continuously sending to the target network or system or server. The high rate of ACK packets is
sending from the source to destination. It downs the state full defense. This attack can also be
used as a smokescreen.
In this attack, 1500 bytes of packets can be sent to the target server (Kurniawan et al.,
2018). All the servers within the network are affected by this attack because all available
network bandwidth is consumed by this attack.
Amplified DNS attack:
This is one of the types of DDoS attack. This attack is based on reflection. The hackers
dodge look-up requests to DNS server for hiding the exploitation source. And the responses are
directed to the target server or network. The DNS lookup requests are sent by the attackers to
create vulnerabilities in the DNS server (Herrod, 2010). The EDNS0 extension is used to send
the DNS request to the DNS protocol. To add the size of the DNS message, the DNSSEC
extension is used. This amplification increases the size of the Ethernet packet up to 40,000 bytes.
This is hard to protect when this attack happened from the valid looking traffic or servers. The
followings are the methods which are used to prevent the impact of this attack (Hong, 2014).
They are limiting the rate, DNS and open recursive relay server blocking and DNS server
security tightening.
Excessive verb - single session:
The features in the HTTP 1.1 allow this kind of attack. Within a single HTTP session, it
is possible to have multiple client requests (Li, 2014). The HTTP session is lowered by those
requests. This attack consumes little amount of bandwidth but causes the target server
unresponsive.
Excessive verb:
This attack is also known as HTTP GET flood attack. In this attack, the number of valid
HTTP requests is sent to the target web server. The HTTP request is a GET request. Every
21
This is one of the types of DDoS attacks. It is used to disrupt the activities of the network.
It is done by saturating resources and bandwidth (Hatua, 2014). The ACK packets are
continuously sending to the target network or system or server. The high rate of ACK packets is
sending from the source to destination. It downs the state full defense. This attack can also be
used as a smokescreen.
In this attack, 1500 bytes of packets can be sent to the target server (Kurniawan et al.,
2018). All the servers within the network are affected by this attack because all available
network bandwidth is consumed by this attack.
Amplified DNS attack:
This is one of the types of DDoS attack. This attack is based on reflection. The hackers
dodge look-up requests to DNS server for hiding the exploitation source. And the responses are
directed to the target server or network. The DNS lookup requests are sent by the attackers to
create vulnerabilities in the DNS server (Herrod, 2010). The EDNS0 extension is used to send
the DNS request to the DNS protocol. To add the size of the DNS message, the DNSSEC
extension is used. This amplification increases the size of the Ethernet packet up to 40,000 bytes.
This is hard to protect when this attack happened from the valid looking traffic or servers. The
followings are the methods which are used to prevent the impact of this attack (Hong, 2014).
They are limiting the rate, DNS and open recursive relay server blocking and DNS server
security tightening.
Excessive verb - single session:
The features in the HTTP 1.1 allow this kind of attack. Within a single HTTP session, it
is possible to have multiple client requests (Li, 2014). The HTTP session is lowered by those
requests. This attack consumes little amount of bandwidth but causes the target server
unresponsive.
Excessive verb:
This attack is also known as HTTP GET flood attack. In this attack, the number of valid
HTTP requests is sent to the target web server. The HTTP request is a GET request. Every
21
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
attacker can be able to generate a large number of the valid GET request. So, only a few
attacking machines are needed to make the target web server to go offline or down (Lee and
Hong, 2013). This attack consumes low bandwidth but it has the ability to make the target web
server unresponsive.
Fraggle attack:
It is a rare kind of attack. In the Fraggle attack, within a network, the large amount of
spoofed UDP traffic is sending to the broadcast address of the router. The UDP traffic is used to
attack the target network (Long and Storey, 2014).
The router generates the junk of traffic when this Fraggle attack is successfully done. As
a result, the network is overloaded. By blocking port 7 (Echo port) and port 19, the system can
be prevented from the Fraggle attack.
Fake session attack:
In this attack, several spoofed SYN packets are sent followed by a lot of ACK and more
than one FIN or RST packets. In another type of this attack, only a lot of ACK packets are sent
followed by more than one FIN or RST packets (Li, 2014). As a result, the target server
resources are exhausted.
ICMP Flood:
The large volume of highly spoofed ICMP packets is causing the flood in a network. The
target network’s resources are overwhelming by these large volumes of highly spoofed ICMP
packets. The attackers consume resources, and the bandwidth available in the network by using
this attack. And then exhausts the network until the target goes down (Mirkovic and Reiher,
2004). The ICMP packets which are used for making this attack may have fixed or random
source IP addresses.
HTTP Fragmentation:
In this type of attack, the bots are used. The bot with the valid IP address is used to
establish the valid connection (HTTP connection) with the web server. The bots are split the
HTTP packets into small pieces or fragments (Nomnga et al., 2014). These fragmented HTTP
packets are sent slowly as much as possible before it times out to the web server. By using this
22
attacking machines are needed to make the target web server to go offline or down (Lee and
Hong, 2013). This attack consumes low bandwidth but it has the ability to make the target web
server unresponsive.
Fraggle attack:
It is a rare kind of attack. In the Fraggle attack, within a network, the large amount of
spoofed UDP traffic is sending to the broadcast address of the router. The UDP traffic is used to
attack the target network (Long and Storey, 2014).
The router generates the junk of traffic when this Fraggle attack is successfully done. As
a result, the network is overloaded. By blocking port 7 (Echo port) and port 19, the system can
be prevented from the Fraggle attack.
Fake session attack:
In this attack, several spoofed SYN packets are sent followed by a lot of ACK and more
than one FIN or RST packets. In another type of this attack, only a lot of ACK packets are sent
followed by more than one FIN or RST packets (Li, 2014). As a result, the target server
resources are exhausted.
ICMP Flood:
The large volume of highly spoofed ICMP packets is causing the flood in a network. The
target network’s resources are overwhelming by these large volumes of highly spoofed ICMP
packets. The attackers consume resources, and the bandwidth available in the network by using
this attack. And then exhausts the network until the target goes down (Mirkovic and Reiher,
2004). The ICMP packets which are used for making this attack may have fixed or random
source IP addresses.
HTTP Fragmentation:
In this type of attack, the bots are used. The bot with the valid IP address is used to
establish the valid connection (HTTP connection) with the web server. The bots are split the
HTTP packets into small pieces or fragments (Nomnga et al., 2014). These fragmented HTTP
packets are sent slowly as much as possible before it times out to the web server. By using this
22
method, the attacker can keep the connection active for a long time. It is done without alerting
any available defense mechanisms.
Memcached attack:
It is one of the types of cyber - attack. By using this attack, the attacker is trying to
overload the target with the internal traffic. The Memcached is a database caching system. It is
used to speed up networks and websites (Waldspurger, 2002). The spoofed requests are sending
to the vulnerable Memcached server.
Then it floods the target with the internal traffic. At last, the resources of the target is
overwhelmed. Because of this, the new process requests are not processed and the internal
resources are unable to access by the regular traffic.
IP Null attack:
The IPv4 headers in the packet have the information of which transport layer
protocol is being used. This field is set as zero by the attackers (Thota, 2018). So, the security
measures are bypassed. No security scans such as IP, ICMP, and TCP are done on those packets.
The target server’s resources are exhausted when the server is trying to process those packets.
And also the server is rebooted.
Mirai Botnet attack:
The Mirai is a botnet virus. It is self – propagating. Only poorly protected internet
devices are affected by this Mirai botnet code. This is done by using telnet. The telnet is used to
find those internet devices which are still using the default username and password. In this
attack, the existing bots discover a new open device (Tennenhouse, 2017). These details are sent
to the CnC which is a separate image, controls the compromised devices. The viruses are copied
into the new devices. After injecting or copying viruses into the newly discovered devices, the
CnC sends the instruction to the bots to launch the attack against more than one targets.
Recursive GET:
It is another type of HTTP flood attack. In this attack, the attacker is sending more
requests related to website pages and recursively sending requests to each object of the website.
These kinds of attacks are unnoticeable. And it is difficult to detect. Because the recursive
23
any available defense mechanisms.
Memcached attack:
It is one of the types of cyber - attack. By using this attack, the attacker is trying to
overload the target with the internal traffic. The Memcached is a database caching system. It is
used to speed up networks and websites (Waldspurger, 2002). The spoofed requests are sending
to the vulnerable Memcached server.
Then it floods the target with the internal traffic. At last, the resources of the target is
overwhelmed. Because of this, the new process requests are not processed and the internal
resources are unable to access by the regular traffic.
IP Null attack:
The IPv4 headers in the packet have the information of which transport layer
protocol is being used. This field is set as zero by the attackers (Thota, 2018). So, the security
measures are bypassed. No security scans such as IP, ICMP, and TCP are done on those packets.
The target server’s resources are exhausted when the server is trying to process those packets.
And also the server is rebooted.
Mirai Botnet attack:
The Mirai is a botnet virus. It is self – propagating. Only poorly protected internet
devices are affected by this Mirai botnet code. This is done by using telnet. The telnet is used to
find those internet devices which are still using the default username and password. In this
attack, the existing bots discover a new open device (Tennenhouse, 2017). These details are sent
to the CnC which is a separate image, controls the compromised devices. The viruses are copied
into the new devices. After injecting or copying viruses into the newly discovered devices, the
CnC sends the instruction to the bots to launch the attack against more than one targets.
Recursive GET:
It is another type of HTTP flood attack. In this attack, the attacker is sending more
requests related to website pages and recursively sending requests to each object of the website.
These kinds of attacks are unnoticeable. And it is difficult to detect. Because the recursive
23
requests are looked same as the legitimate requests (WEN, 2008). By setting limitations to the
transmission band per one IP, the target system can be protected by this attack.
RST Flood:
In this attack, the target server receives the number of spoofed RST packets. These RST
packets do not belong to any session of the server which is targeted (XIANG et al., 2012). The
server resources include CPU, RAM is exhausted by this attack because the server is trying to
process the invalid requests.
PING Flood:
It is the most common attack. The ICMP echo command is used for this attack. This is
also called a ping command. In this attack, the number of ICMP echo commands are sent to the
target computer in order to overload it (Saganowski and Andrysiak, 2012). The large size of
ICMP packets is sent the number of times to the target system. This attack is used to affect only
one computer. So, it is not useful in large websites and networks.
FIN Flood:
This attack is the same as the RST attack. In this attack, the target server receives a
number of spoofed FIN packets (ZHANG and QIN, 2010). These FIN packets do not belong to
any session of the server which is targeted. The server resources include CPU, RAM is
exhausted by this attack because the server is trying to process the invalid requests.
Slow session attack:
In this attack, the attacker sends valid TCP SYN packets. For establishing the valid
sessions between the target and the attacker, the TCP three-way handshakes are performed with
the target (Ramanauskaitė et al., 2014). First, the number of valid sessions are established. Then,
the ACK packets are responded slowly. After that, the requests are incomplete to keep the
session open. This attack consumes all available sockets and makes the server down. So, the
server will not establish new sessions.
Slow read attack:
24
transmission band per one IP, the target system can be protected by this attack.
RST Flood:
In this attack, the target server receives the number of spoofed RST packets. These RST
packets do not belong to any session of the server which is targeted (XIANG et al., 2012). The
server resources include CPU, RAM is exhausted by this attack because the server is trying to
process the invalid requests.
PING Flood:
It is the most common attack. The ICMP echo command is used for this attack. This is
also called a ping command. In this attack, the number of ICMP echo commands are sent to the
target computer in order to overload it (Saganowski and Andrysiak, 2012). The large size of
ICMP packets is sent the number of times to the target system. This attack is used to affect only
one computer. So, it is not useful in large websites and networks.
FIN Flood:
This attack is the same as the RST attack. In this attack, the target server receives a
number of spoofed FIN packets (ZHANG and QIN, 2010). These FIN packets do not belong to
any session of the server which is targeted. The server resources include CPU, RAM is
exhausted by this attack because the server is trying to process the invalid requests.
Slow session attack:
In this attack, the attacker sends valid TCP SYN packets. For establishing the valid
sessions between the target and the attacker, the TCP three-way handshakes are performed with
the target (Ramanauskaitė et al., 2014). First, the number of valid sessions are established. Then,
the ACK packets are responded slowly. After that, the requests are incomplete to keep the
session open. This attack consumes all available sockets and makes the server down. So, the
server will not establish new sessions.
Slow read attack:
24
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
This is the same as the slow session attack. In this attack, the attacker sent valid TCP
SYN packets. For establishing the valid sessions between the target and the attacker, the TCP
three-way handshakes are performed with the target (Priyadharshini, Vijayakumar and Abdul
Quadir, 2018). First, the number of valid sessions are established. And then, the attacker starts to
request to download a large object or document from the target machine. Once the downloading
begins, the target starts to slow down. The attacker continuously slows down the target and
consumes more resources from the target server.
Smurf attack:
It is one of the forms of DDoS attack. In this attack, the router which has the number of
devices which is connected with the target. A large number of ICMP packets are sending to that
target router and making that router to respond (Pettit et al., 2018). Then all devices which are
connected to that router, responds to the ICMP request. These devices are unable to find or
recognize the spoofed IP address. As a result, the request is amplified and the target server is
crippled.
SYN Flood:
The three-way TCP communication process design between the server, host, and client is
exploited by this attack. Initially, the client sends SYN packets to generate the new session.
These sessions are assigned and checked by the host until then the client closes them (ZHANG
and KANG, 2009). In SYN attack, a lot of SYN packets are sent from the spoofed IP address to
the target server. Until the connection table memory of the server is exhausted, the SYN attack is
going on. As a result, the server cannot be able to process the legitimate requests until the SYN
attack lasts.
SYN-ACK Flood:
This attack exploits the second step of the three-way TCP communication process
(Panca, 2017). In the second step of the three-way TCP communication protocol, the listening
host generates the SYN-ACK packets in order to acknowledge the incoming SYN packets. In the
25
SYN packets. For establishing the valid sessions between the target and the attacker, the TCP
three-way handshakes are performed with the target (Priyadharshini, Vijayakumar and Abdul
Quadir, 2018). First, the number of valid sessions are established. And then, the attacker starts to
request to download a large object or document from the target machine. Once the downloading
begins, the target starts to slow down. The attacker continuously slows down the target and
consumes more resources from the target server.
Smurf attack:
It is one of the forms of DDoS attack. In this attack, the router which has the number of
devices which is connected with the target. A large number of ICMP packets are sending to that
target router and making that router to respond (Pettit et al., 2018). Then all devices which are
connected to that router, responds to the ICMP request. These devices are unable to find or
recognize the spoofed IP address. As a result, the request is amplified and the target server is
crippled.
SYN Flood:
The three-way TCP communication process design between the server, host, and client is
exploited by this attack. Initially, the client sends SYN packets to generate the new session.
These sessions are assigned and checked by the host until then the client closes them (ZHANG
and KANG, 2009). In SYN attack, a lot of SYN packets are sent from the spoofed IP address to
the target server. Until the connection table memory of the server is exhausted, the SYN attack is
going on. As a result, the server cannot be able to process the legitimate requests until the SYN
attack lasts.
SYN-ACK Flood:
This attack exploits the second step of the three-way TCP communication process
(Panca, 2017). In the second step of the three-way TCP communication protocol, the listening
host generates the SYN-ACK packets in order to acknowledge the incoming SYN packets. In the
25
SYN-ACK flood attack, the target server receives a large number of spoofed SYN-ACK packets.
The server resources are exhausted by this attack. Until this SYN-ACK attack lasts, the target
server is unavailable to process the legitimate requests.
TCP Null:
The packets which have no TCP segment flags set are used for this attack (ZHANG et al.,
2012). These packets are considered as invalid. This type of segment is used in port scanning.
TOS Flood:
The full form of TOS is Type of Service. The TOS field of an IP header is used by the
attacker to perform this attack. There are two types of attacks based on this TOS field. In one
type of this attack, the attackers spoof ECN packets (Zuo and Chen, 2014). It will reduce the
throughput of individual connections. In another type of this attack, the attacker uses the
DiffServ class flags. It will increase the priority of the attack traffic.
UDP Flood:
In this attack, the target server is flooded with UDP packets. The identification of the
UDP flood attack is difficult because it is not an end to end communication between the host and
the client. From the multiple numbers of source IP, the spoofed UDP packets are sent to the
target server (Abidoye and Obagbuwa, 2018). This attack may target a specific server or a
random one in the network. All available bandwidth is consumed by this attack.
Volumetric Attack:
In this attack, a large amount of traffic and request packets are sent to the targeted
network. It overwhelms the capability of the bandwidth. The size of the requests sent during this
attack is more than 100 Gigabytes per second.
26
The server resources are exhausted by this attack. Until this SYN-ACK attack lasts, the target
server is unavailable to process the legitimate requests.
TCP Null:
The packets which have no TCP segment flags set are used for this attack (ZHANG et al.,
2012). These packets are considered as invalid. This type of segment is used in port scanning.
TOS Flood:
The full form of TOS is Type of Service. The TOS field of an IP header is used by the
attacker to perform this attack. There are two types of attacks based on this TOS field. In one
type of this attack, the attackers spoof ECN packets (Zuo and Chen, 2014). It will reduce the
throughput of individual connections. In another type of this attack, the attacker uses the
DiffServ class flags. It will increase the priority of the attack traffic.
UDP Flood:
In this attack, the target server is flooded with UDP packets. The identification of the
UDP flood attack is difficult because it is not an end to end communication between the host and
the client. From the multiple numbers of source IP, the spoofed UDP packets are sent to the
target server (Abidoye and Obagbuwa, 2018). This attack may target a specific server or a
random one in the network. All available bandwidth is consumed by this attack.
Volumetric Attack:
In this attack, a large amount of traffic and request packets are sent to the targeted
network. It overwhelms the capability of the bandwidth. The size of the requests sent during this
attack is more than 100 Gigabytes per second.
26
8. Ransom DDoS attacks
In recent days, the DDoS attacks are combined with the ransom demand. The attackers
are initiating DDoS attacks and after some time demanding a ransom amount to stop the DDoS
attacks. Various types of DDoS attacks are needs to be studied and the types of DDoS attacks
that can be mixed up with a ransom demand are needs to be investigated (Babincev and Vuletic,
2016).
Most of the cloud systems are VMware based. ESXi servers are the physical servers in
which VMs can be set up and it can be used for various network services and applications. The
VMs can be compromised and the affected VMs can be forced to attack a target system at the
same time. Experiments can be designed, and various attacks can be performed on cloud-based
systems (Engebretson, 2013).
Kali Linux type tools can be used to perform the initial attacks on the target. Hping3 and
slow HTTP test are the basic attacking applications for simulating DDoS attacks (Fitzhugh,
2014). Various cloud-based tools can be used for analyzing the DDoS attack pockets. Suitable
mitigation techniques can be studied.
ESXi based cloud model needs to be designed. Various attacks will be initiated, and
suitable mitigation techniques can be designed (Geddam and Sarkar, 2013). All the activities will
be tested with the help of an experimental setup. Various firewall settings will be designed and
then tested against the ransom DDoS attacks.
ESXi servers are using the ESXi management interface for managing the ESXi server
and its operating system. It is firewall protected and the firewall is an inbuilt firewall (Gupta,
2011). This firewall can be configured in such a way that only secured requests like SSH v2,
ADS, DNS, DHCP, NFS and vMotion can reach the ESXi management interface (Jaswal et al.,
2018). These services are using the TCP and UDP ports and by securing the port traffic, the
ESXi management interface can be saved.
Kali Linux is a specially made Linux operating system with all the white hat hacking
tools (Kali Linux – Assuring Security by Penetration Testing, 2014). The hacking tools can be
27
In recent days, the DDoS attacks are combined with the ransom demand. The attackers
are initiating DDoS attacks and after some time demanding a ransom amount to stop the DDoS
attacks. Various types of DDoS attacks are needs to be studied and the types of DDoS attacks
that can be mixed up with a ransom demand are needs to be investigated (Babincev and Vuletic,
2016).
Most of the cloud systems are VMware based. ESXi servers are the physical servers in
which VMs can be set up and it can be used for various network services and applications. The
VMs can be compromised and the affected VMs can be forced to attack a target system at the
same time. Experiments can be designed, and various attacks can be performed on cloud-based
systems (Engebretson, 2013).
Kali Linux type tools can be used to perform the initial attacks on the target. Hping3 and
slow HTTP test are the basic attacking applications for simulating DDoS attacks (Fitzhugh,
2014). Various cloud-based tools can be used for analyzing the DDoS attack pockets. Suitable
mitigation techniques can be studied.
ESXi based cloud model needs to be designed. Various attacks will be initiated, and
suitable mitigation techniques can be designed (Geddam and Sarkar, 2013). All the activities will
be tested with the help of an experimental setup. Various firewall settings will be designed and
then tested against the ransom DDoS attacks.
ESXi servers are using the ESXi management interface for managing the ESXi server
and its operating system. It is firewall protected and the firewall is an inbuilt firewall (Gupta,
2011). This firewall can be configured in such a way that only secured requests like SSH v2,
ADS, DNS, DHCP, NFS and vMotion can reach the ESXi management interface (Jaswal et al.,
2018). These services are using the TCP and UDP ports and by securing the port traffic, the
ESXi management interface can be saved.
Kali Linux is a specially made Linux operating system with all the white hat hacking
tools (Kali Linux – Assuring Security by Penetration Testing, 2014). The hacking tools can be
27
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
used for attacking the target system and for studying the security of the attacking system
(Guthrie and Lowe, 2013).
To help the penetration testers, ESXi got a smaller version of NETCAT application. This
can be used to design and activate a backdoor in an ESXi system. Kali Linux can be used to enter
into ESXi servers through back doors and investigate the security features of ESXi systems
(Halton and Bo Weaver, 2016).
9. ESXi based Cloud Systems
In ESXi based cloud systems, there will be a target for any DDoS attack. In cloud-based
systems only the target will not get affected due to DDoS. ESXi servers will be hosting VMs. So,
all the VMs will be affected. Along with VMs, other physical servers, network resources, and
cloud service providers also will be impacted.
There will be a service downtime and the business losses will happen if other resources
get affected. Energy consumption and other vCenter activities like HA, DR, and backup also will
be affected.
A lot of preventive measures needs to be developed to save the cloud-based systems from
DDoS attacks. Excessive bandwidth should be used. Extended pen testing procedures should be
followed, and vulnerabilities of the cloud systems should be well documented. IDS and Firewall
systems should be used. There should be a backup for internet services. Firewall rules should be
set up to prevent unauthorized requests from unauthorized IPs. Security patches should be
updated in real time.
10. Ransom DDoS Attacks on VMware based cloud systems
Generally, the distributed denial of service attack is a malicious attack to affect or disturb
the normal network services and the normal traffic of the targeted server. It has the multiple
compromised computers system as the sources. By this, it can accomplish the attack on network
28
(Guthrie and Lowe, 2013).
To help the penetration testers, ESXi got a smaller version of NETCAT application. This
can be used to design and activate a backdoor in an ESXi system. Kali Linux can be used to enter
into ESXi servers through back doors and investigate the security features of ESXi systems
(Halton and Bo Weaver, 2016).
9. ESXi based Cloud Systems
In ESXi based cloud systems, there will be a target for any DDoS attack. In cloud-based
systems only the target will not get affected due to DDoS. ESXi servers will be hosting VMs. So,
all the VMs will be affected. Along with VMs, other physical servers, network resources, and
cloud service providers also will be impacted.
There will be a service downtime and the business losses will happen if other resources
get affected. Energy consumption and other vCenter activities like HA, DR, and backup also will
be affected.
A lot of preventive measures needs to be developed to save the cloud-based systems from
DDoS attacks. Excessive bandwidth should be used. Extended pen testing procedures should be
followed, and vulnerabilities of the cloud systems should be well documented. IDS and Firewall
systems should be used. There should be a backup for internet services. Firewall rules should be
set up to prevent unauthorized requests from unauthorized IPs. Security patches should be
updated in real time.
10. Ransom DDoS Attacks on VMware based cloud systems
Generally, the distributed denial of service attack is a malicious attack to affect or disturb
the normal network services and the normal traffic of the targeted server. It has the multiple
compromised computers system as the sources. By this, it can accomplish the attack on network
28
service. Here, the research is developed regarding the ransom distributed denial of service attack
on VMware based cloud systems (Yeah Hub, 2018). Ransom in the sense the cyber criminals
obtain the data by the use of malware. The Ransomware attack happened based on the DDoS
attack. At that time, the cybercriminal threatens the people by showing the distributed denial of
service attacks. It is always represented as the target attack which is a part of the ransom attack.
These DDoS attacks may happen in many ways. They are listed below.
SYN flood
Network time protocol attack
Domain name system amplification attack
These attacks will be executed based on the capacity of attacks. The ransom messages are
involving as the short term attack to gain the power. Also, the botnets are used here to deliver the
statistics of the attack. Cloud DDoS attacks are considered as the major problem in the network.
Protection against the DDoS attack
Many security controls are there to reduce the effect of the distributed denial of service
attacks. By using the SYN flood attack, the attacker can easily target the system by sending the
corresponding SYN requests (Ntrg.cs.tcd.ie, 2018). Here, the firewall is used to analyze the
requests and compare all the network traffic.
Detection and mitigation techniques
Here, some of the techniques are mentioned to detect the traffic created by the denial of
service attack. It enables the tools for traffic detection and customizes the profile. Also, the larger
capacity devices are needed to detect the traffic. Cloud protection is an important thing for the
DDoS attacks. Generally, the target is redirected by the customer to the provider of cloud
services. Here, the hybrid protection method is used to detect traffic and security. This is also
considered as the cloud overflow option. If the attack seems to be too large, then the cloud
overflow will be configured and the bad traffic will send it to the cloud protection service. The
cloud protection will take the minimum cost.
29
on VMware based cloud systems (Yeah Hub, 2018). Ransom in the sense the cyber criminals
obtain the data by the use of malware. The Ransomware attack happened based on the DDoS
attack. At that time, the cybercriminal threatens the people by showing the distributed denial of
service attacks. It is always represented as the target attack which is a part of the ransom attack.
These DDoS attacks may happen in many ways. They are listed below.
SYN flood
Network time protocol attack
Domain name system amplification attack
These attacks will be executed based on the capacity of attacks. The ransom messages are
involving as the short term attack to gain the power. Also, the botnets are used here to deliver the
statistics of the attack. Cloud DDoS attacks are considered as the major problem in the network.
Protection against the DDoS attack
Many security controls are there to reduce the effect of the distributed denial of service
attacks. By using the SYN flood attack, the attacker can easily target the system by sending the
corresponding SYN requests (Ntrg.cs.tcd.ie, 2018). Here, the firewall is used to analyze the
requests and compare all the network traffic.
Detection and mitigation techniques
Here, some of the techniques are mentioned to detect the traffic created by the denial of
service attack. It enables the tools for traffic detection and customizes the profile. Also, the larger
capacity devices are needed to detect the traffic. Cloud protection is an important thing for the
DDoS attacks. Generally, the target is redirected by the customer to the provider of cloud
services. Here, the hybrid protection method is used to detect traffic and security. This is also
considered as the cloud overflow option. If the attack seems to be too large, then the cloud
overflow will be configured and the bad traffic will send it to the cloud protection service. The
cloud protection will take the minimum cost.
29
Cloud services
Mostly, the cloud services are used to manage the distributed denial of service attacks.
These cloud services are regarding the VMware (Esecurityplanet.com, 2018). The ESXi server
and the VCENTER6 are also used as the cloud services against the distributed denial of attacks.
VMware ESXi security
VMware ESXi server is considered as the computer virtualization software. It is an
advanced ESXi server and it is a version of VMware ESXi server. The virtualization software
runs its own kernel after the Linux bootstrap. It has mainly three interfaces. They are hardware,
service console, and the guest system. The features of the VMware ESXi server are listed below.
It runs directly on the system hardware. It is similar to the computer node.
These ESXi servers are generally targeted for enterprise organizations. These VMware
kernel interfaces have approved the modules regarding the third party. The configuration could
be done using the console.
These servers could be embedded on the new server or installed in the existing servers.
The virtual symmetric multi-processing is included in these servers (Khandelwal and
Khandelwal, 2018). There are no additional features. Because this version could not be managed
by the vCenter server. The license of the ESXi needs to be improved for the additional features.
The installation of this server needs five Gigabytes space. If any files are present in the system,
then it will be automatically deleted. Then the hypervisor requires the 32 megabytes space. The
VMware tools need the additional space. Based on the installation of ESX server, the ESXi
server will be installed and deployed.
Configuration of ESXi
The configuration of ESXi is needed to be established after the installation. The First
thing is a dynamic host configuration protocol which is used to manage the network. The
configuration process may get failed without the usage of DHCP. Then the IP configuration and
the DNS configuration need to be done.
30
Mostly, the cloud services are used to manage the distributed denial of service attacks.
These cloud services are regarding the VMware (Esecurityplanet.com, 2018). The ESXi server
and the VCENTER6 are also used as the cloud services against the distributed denial of attacks.
VMware ESXi security
VMware ESXi server is considered as the computer virtualization software. It is an
advanced ESXi server and it is a version of VMware ESXi server. The virtualization software
runs its own kernel after the Linux bootstrap. It has mainly three interfaces. They are hardware,
service console, and the guest system. The features of the VMware ESXi server are listed below.
It runs directly on the system hardware. It is similar to the computer node.
These ESXi servers are generally targeted for enterprise organizations. These VMware
kernel interfaces have approved the modules regarding the third party. The configuration could
be done using the console.
These servers could be embedded on the new server or installed in the existing servers.
The virtual symmetric multi-processing is included in these servers (Khandelwal and
Khandelwal, 2018). There are no additional features. Because this version could not be managed
by the vCenter server. The license of the ESXi needs to be improved for the additional features.
The installation of this server needs five Gigabytes space. If any files are present in the system,
then it will be automatically deleted. Then the hypervisor requires the 32 megabytes space. The
VMware tools need the additional space. Based on the installation of ESX server, the ESXi
server will be installed and deployed.
Configuration of ESXi
The configuration of ESXi is needed to be established after the installation. The First
thing is a dynamic host configuration protocol which is used to manage the network. The
configuration process may get failed without the usage of DHCP. Then the IP configuration and
the DNS configuration need to be done.
30
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Securing the individual VM
The ESXi security is considered as the second layer. And the virtual machines are
considered as the isolated machines. These machines are used to communicate with the
hypervisor. But regarding the distributed denial of service attack, the VM only uses the existing
resources and the remaining virtual machines could not be reached (Faction, 2018). The CPU
cycles are needed to be configured to prevent the distributed denial of service attack on the
virtual machine. By using the CPU cycles, the virtual machine could be used at any time. It
always has enough capacity for other kinds of virtual machine.
Protection of virtual network
The virtual network layer is considered as the last one regarding ESXi security. It
includes the network interface cards and switches virtually. This ESXi network needs to be
secured because it should be communicating with the outside world. Also, it helps to
communicate and manage the connection between the hosts.
Initially, the identification should be made regarding the various parts of ESXi and that
should be isolated from each other. And then, the security measures are needed to be monitored
carefully when installing the ESXi server. Here, the hypervisor uses the various kinds of
switches for the communication and management between the nodes or computers. Then, the
firewall needs to be configured for security issues. This ESXi security is also used to break the
infrastructure.
Overview of ESXi facts
Generally, the ESXi installation has the hardware compatibility list. Also, it does not
have the inbuilt firewall in the way of ESXi. This ESXi runs the particular set of well-known
services. And these services are used to prevent unwanted services. The service is represented as
backup agents, hardware, file transfer protocol and web access (ComputerWeekly.com, 2018). It
has some kind of special versions including the original equipment manufacturer. And this could
be downloaded from the VMware's website. For the server configuration, it has a limited amount
of installation prompts. After that, the network configuration will be done. It may also be
31
The ESXi security is considered as the second layer. And the virtual machines are
considered as the isolated machines. These machines are used to communicate with the
hypervisor. But regarding the distributed denial of service attack, the VM only uses the existing
resources and the remaining virtual machines could not be reached (Faction, 2018). The CPU
cycles are needed to be configured to prevent the distributed denial of service attack on the
virtual machine. By using the CPU cycles, the virtual machine could be used at any time. It
always has enough capacity for other kinds of virtual machine.
Protection of virtual network
The virtual network layer is considered as the last one regarding ESXi security. It
includes the network interface cards and switches virtually. This ESXi network needs to be
secured because it should be communicating with the outside world. Also, it helps to
communicate and manage the connection between the hosts.
Initially, the identification should be made regarding the various parts of ESXi and that
should be isolated from each other. And then, the security measures are needed to be monitored
carefully when installing the ESXi server. Here, the hypervisor uses the various kinds of
switches for the communication and management between the nodes or computers. Then, the
firewall needs to be configured for security issues. This ESXi security is also used to break the
infrastructure.
Overview of ESXi facts
Generally, the ESXi installation has the hardware compatibility list. Also, it does not
have the inbuilt firewall in the way of ESXi. This ESXi runs the particular set of well-known
services. And these services are used to prevent unwanted services. The service is represented as
backup agents, hardware, file transfer protocol and web access (ComputerWeekly.com, 2018). It
has some kind of special versions including the original equipment manufacturer. And this could
be downloaded from the VMware's website. For the server configuration, it has a limited amount
of installation prompts. After that, the network configuration will be done. It may also be
31
installed on the flash drive. When installing the ESXi, we have to make sure that whether the
flash drive is installed or not. The space for the flash drive could be 8 Gigabytes.
ESXi key features
The key features of the VMware are listed below. Here, we mentioned five essential
features of ESXi. They are,
Role-based security access.
Logging and auditing.
Memory ballooning.
Graphical user interface.
Traffic shaping.
vSphere Power CLI.
By this ESXi, we can configure more devices and more CPUs. And some admins have
the ability to manage the functionality by using remote tools. It should be used instead of the
command line interface. Instead of third-party management, the application programming
interface is used by ESXi. It also supports with the development of VM and Microsoft virtual
server.
Advantages and disadvantages of ESXi
The installation of ESXi in a data center seems to be simple and easy. Because it is
represented as lightweights. The admins need some patches (Dark Reading, 2018). It would be
more secure because of its small size. The existing of the graphical user interface is also
considered as the main advantage (Krebsonsecurity.com, 2018). But it also has some
disadvantages. It offers only fewer configurations to keep its size. It has the learning curve as the
guide for the virtualization product. Here the overhead is developed with the CPU work. This is
considered as another drawback. These drawbacks are lead to cause an application to slow in a
virtual machine. The free version of the ESXi reduces the usage of two physical CPUs.
32
flash drive is installed or not. The space for the flash drive could be 8 Gigabytes.
ESXi key features
The key features of the VMware are listed below. Here, we mentioned five essential
features of ESXi. They are,
Role-based security access.
Logging and auditing.
Memory ballooning.
Graphical user interface.
Traffic shaping.
vSphere Power CLI.
By this ESXi, we can configure more devices and more CPUs. And some admins have
the ability to manage the functionality by using remote tools. It should be used instead of the
command line interface. Instead of third-party management, the application programming
interface is used by ESXi. It also supports with the development of VM and Microsoft virtual
server.
Advantages and disadvantages of ESXi
The installation of ESXi in a data center seems to be simple and easy. Because it is
represented as lightweights. The admins need some patches (Dark Reading, 2018). It would be
more secure because of its small size. The existing of the graphical user interface is also
considered as the main advantage (Krebsonsecurity.com, 2018). But it also has some
disadvantages. It offers only fewer configurations to keep its size. It has the learning curve as the
guide for the virtualization product. Here the overhead is developed with the CPU work. This is
considered as another drawback. These drawbacks are lead to cause an application to slow in a
virtual machine. The free version of the ESXi reduces the usage of two physical CPUs.
32
Comparison of VMware ESXi and vSphere
The VMware vSphere works as the suite of virtualization products. It contains the ESXi.
It is represented as the exclusive hypervisor regarding the vSphere license. It could be considered
as the foundation of a private cloud environment (Khandelwal, 2018). This vSphere has a lot of
software with them. They are a vCenter server, web client, client, distributed switch regarding
vSphere. It also encompasses the high availability and virtual symmetric multi-processing
regarding VMware.
Network management
While installing the VMware ESXi hypervisor, the network management will appear. By
this management, we can set the static IP address and DNS configuration. The SSH should be
enabled at this stage. The VM kernel will be loaded (SearchSecurity, 2018). Initially, it will
provide the dynamic IP address. Using this IP address and MAC address, we can access the
vSphere client. Through this, we can able to create a virtual operating system. This network
contains the settings such as DNS configuration, network IPv4 configuration.
Installing and configuring the VM tools
The VM tools are needed to be installed after booting the OS iso file through the
VMware workstation (VMWare, 2018). These tools are enabled for adding additional features.
After the installation of the operating system, the pop up will be shown regarding the installation
of virtual machine tools. By pressing YES, the tools installation will be started.
Installing and configuring the vCenter appliance
vCenter is a virtual center. It enables the vCenter centralized management regarding
vSphere infrastructure. By this vCenter, we can manage the virtualization products such as ESXi
and the virtual machines. It is also one of the products of VMware. The Management activity is
mainly monitored by the vCenter server.
Cloud security platforms
33
The VMware vSphere works as the suite of virtualization products. It contains the ESXi.
It is represented as the exclusive hypervisor regarding the vSphere license. It could be considered
as the foundation of a private cloud environment (Khandelwal, 2018). This vSphere has a lot of
software with them. They are a vCenter server, web client, client, distributed switch regarding
vSphere. It also encompasses the high availability and virtual symmetric multi-processing
regarding VMware.
Network management
While installing the VMware ESXi hypervisor, the network management will appear. By
this management, we can set the static IP address and DNS configuration. The SSH should be
enabled at this stage. The VM kernel will be loaded (SearchSecurity, 2018). Initially, it will
provide the dynamic IP address. Using this IP address and MAC address, we can access the
vSphere client. Through this, we can able to create a virtual operating system. This network
contains the settings such as DNS configuration, network IPv4 configuration.
Installing and configuring the VM tools
The VM tools are needed to be installed after booting the OS iso file through the
VMware workstation (VMWare, 2018). These tools are enabled for adding additional features.
After the installation of the operating system, the pop up will be shown regarding the installation
of virtual machine tools. By pressing YES, the tools installation will be started.
Installing and configuring the vCenter appliance
vCenter is a virtual center. It enables the vCenter centralized management regarding
vSphere infrastructure. By this vCenter, we can manage the virtualization products such as ESXi
and the virtual machines. It is also one of the products of VMware. The Management activity is
mainly monitored by the vCenter server.
Cloud security platforms
33
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
The security threats will be described based on the various entities and activities
regarding the cloud. The security platforms are used to monitor and protect the virtual machine.
It has totally five methods regarding cloud security. In that, first one is cloud server integrity
checking. This method is used to verify the configuration of the server and platform before
upgrading the virtual machine. For this verification, the cloud verifier is proposed. This verifier
is used to check the integrity regarding the software stuck (Khandelwal and Khandelwal, 2018).
The computing tool service is used to measure the integrity of BIOS and the hypervisor. Then
the open stack architecture is also used to check the server integrity. The second method is
represented as virtual machine integrity checking. This is used to check the image of the
operating system before producing the virtual machine. The same purpose is done by using the
Cloud Monett architecture. The third method is inside virtual machine monitoring. This method
is used to detect the vulnerability inside the virtual machine. The inspector needs the customers
regarding the installation of the security agent inside the virtual machines. The security is needed
to be implemented inside the virtual machine.
It contains the file system, network, and process activities. Then the data needs to be
analyzed and compared for finding the suspicious activities inside the virtual machine. By this
inspection, we can find the vulnerabilities and system misconfigurations (Fenech and Fenech,
2018). Then the tools are used to analyze the viruses, spyware. And also removes the viruses and
unwanted software presented in the cloud system. The fourth method is considered as the
resource monitoring. There is a lot of platforms used for resource monitoring. For that, it had the
dynamic resource usage statistics. Here the cloud-based Amazon web services are used to
monitor the CPU usage, network traffic, and throughput. The percentage of the CPU usage will
be monitored by using the Microsoft Azure. This software enables the identification of the
monitoring process by the customers. The fifth one is the multi-talent attack detection. Through
this method, we can easily detect the vulnerabilities regarding the security. This detection has
some methods.
VMware cloud systems
The VMware recently delivered the host regarding the new kind of security patches.
These patches are used to address the various kind of security vulnerabilities. That may impact
34
regarding the cloud. The security platforms are used to monitor and protect the virtual machine.
It has totally five methods regarding cloud security. In that, first one is cloud server integrity
checking. This method is used to verify the configuration of the server and platform before
upgrading the virtual machine. For this verification, the cloud verifier is proposed. This verifier
is used to check the integrity regarding the software stuck (Khandelwal and Khandelwal, 2018).
The computing tool service is used to measure the integrity of BIOS and the hypervisor. Then
the open stack architecture is also used to check the server integrity. The second method is
represented as virtual machine integrity checking. This is used to check the image of the
operating system before producing the virtual machine. The same purpose is done by using the
Cloud Monett architecture. The third method is inside virtual machine monitoring. This method
is used to detect the vulnerability inside the virtual machine. The inspector needs the customers
regarding the installation of the security agent inside the virtual machines. The security is needed
to be implemented inside the virtual machine.
It contains the file system, network, and process activities. Then the data needs to be
analyzed and compared for finding the suspicious activities inside the virtual machine. By this
inspection, we can find the vulnerabilities and system misconfigurations (Fenech and Fenech,
2018). Then the tools are used to analyze the viruses, spyware. And also removes the viruses and
unwanted software presented in the cloud system. The fourth method is considered as the
resource monitoring. There is a lot of platforms used for resource monitoring. For that, it had the
dynamic resource usage statistics. Here the cloud-based Amazon web services are used to
monitor the CPU usage, network traffic, and throughput. The percentage of the CPU usage will
be monitored by using the Microsoft Azure. This software enables the identification of the
monitoring process by the customers. The fifth one is the multi-talent attack detection. Through
this method, we can easily detect the vulnerabilities regarding the security. This detection has
some methods.
VMware cloud systems
The VMware recently delivered the host regarding the new kind of security patches.
These patches are used to address the various kind of security vulnerabilities. That may impact
34
the range of computer products including the vCenter server, server appliance, and update
manager. Here some of the security measures are described regarding the elevation of privileges.
Also, it is used to execute the malicious codes. And also, other kinds of vulnerabilities could lead
to the denial of service attacks. According to that, these vulnerabilities are considered as the bug
(Fortune, 2018). And these bugs are used by the attacker to get the credentials of the
corresponding users. For exploiting the vulnerability, the affected product needs to be deployed
in an active directory environment. The VMware is also upgraded the number of third-party
libraries like OpenSSL, ESX and ESXi. These third-party libraries are used to solve security
issues.
Virtualization
The virtualization is a recent technology in terms of both industrial and academic
applications (Reduction in Infrastructure and operating costs using Server Virtualization, 2016).
The virtualization technique is used for the denial of service attack. It represents the
virtualization package samples.
So, it covers the state of art solution (Server Virtualization using Cloud Environment for
Data Storage & Backup, 2016). The virtualization solution is classified into three categories such
as
1. Paravirtualization.
2. Hardware virtualization.
3. Container virtualization.
Paravirtualization
The Paravirtualization is the adapted version of the virtualization. It does not need any
hardware to realize the virtualization. It is used instead of the reality with the driver and kernel.
The kernel is sent to the system hardware access and system call directly (Yang, 2018). It is a
35
manager. Here some of the security measures are described regarding the elevation of privileges.
Also, it is used to execute the malicious codes. And also, other kinds of vulnerabilities could lead
to the denial of service attacks. According to that, these vulnerabilities are considered as the bug
(Fortune, 2018). And these bugs are used by the attacker to get the credentials of the
corresponding users. For exploiting the vulnerability, the affected product needs to be deployed
in an active directory environment. The VMware is also upgraded the number of third-party
libraries like OpenSSL, ESX and ESXi. These third-party libraries are used to solve security
issues.
Virtualization
The virtualization is a recent technology in terms of both industrial and academic
applications (Reduction in Infrastructure and operating costs using Server Virtualization, 2016).
The virtualization technique is used for the denial of service attack. It represents the
virtualization package samples.
So, it covers the state of art solution (Server Virtualization using Cloud Environment for
Data Storage & Backup, 2016). The virtualization solution is classified into three categories such
as
1. Paravirtualization.
2. Hardware virtualization.
3. Container virtualization.
Paravirtualization
The Paravirtualization is the adapted version of the virtualization. It does not need any
hardware to realize the virtualization. It is used instead of the reality with the driver and kernel.
The kernel is sent to the system hardware access and system call directly (Yang, 2018). It is a
35
loss of flexibility in the operating system. The pump is used in the OS to change the work in the
hypervisor.
Hardware virtual machine
The hardware virtual machine is the lowest level in the virtualization. It needs the
hardware for the trap which is privileged from the domain. It allows the machine without using
any OS or driver on the system. The hardware system is running in the virtual machine (VMware
patches security flaws, 2007). The central processing unit built in the HVM. It is frequently
called the extension of the VM.
Container virtualization
The Container virtualization also called as an operating system level in VM. It secures
multiple containers and runs in different applications (Kb.vmware.com, 2018). It is based on the
administration for security or presentation reason for maintaining the same operating system in
each container. The HVM and PV both are used in the hypervisor to interact with the many
transmission control protocol.
11. Project Planning
Activities involved in the process
As already discussed in the above context, this project is all about finding the mitigation
strategy against the ransom DDOS attacks. For developing the mitigation strategy, the researcher
conducts the DDOS attack using the Kali Linux software. From the proposed attack, the
researcher planned to identify the various important key things related to the attack and
mitigation strategy. This research project starts with the process of identifying the various
activities involved in the project. At first, the various activity details of the project are given
below. And the map of activities carried out in the process is also illustrated below for providing
additional information. There are six activities planned in the project. All the six activities are
36
hypervisor.
Hardware virtual machine
The hardware virtual machine is the lowest level in the virtualization. It needs the
hardware for the trap which is privileged from the domain. It allows the machine without using
any OS or driver on the system. The hardware system is running in the virtual machine (VMware
patches security flaws, 2007). The central processing unit built in the HVM. It is frequently
called the extension of the VM.
Container virtualization
The Container virtualization also called as an operating system level in VM. It secures
multiple containers and runs in different applications (Kb.vmware.com, 2018). It is based on the
administration for security or presentation reason for maintaining the same operating system in
each container. The HVM and PV both are used in the hypervisor to interact with the many
transmission control protocol.
11. Project Planning
Activities involved in the process
As already discussed in the above context, this project is all about finding the mitigation
strategy against the ransom DDOS attacks. For developing the mitigation strategy, the researcher
conducts the DDOS attack using the Kali Linux software. From the proposed attack, the
researcher planned to identify the various important key things related to the attack and
mitigation strategy. This research project starts with the process of identifying the various
activities involved in the project. At first, the various activity details of the project are given
below. And the map of activities carried out in the process is also illustrated below for providing
additional information. There are six activities planned in the project. All the six activities are
36
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
considered as the milestone activity. Under these six milestone activities, there are a number of
sub-activities present. The key milestones of the project are listed below,
• Initial Analysis
• Virtual Machine Installation
• Esxi Analysis
• DDOS Attacking
• Analyzing the attack
• Developing the Mitigation Strategy
Initial Analysis
Conducting the initial analysis is the first process planned to carry out by the researcher.
In this section, the researcher first starts to analyze the various virtual machine platforms. The
researcher studied the various virtual machine platforms and their capabilities and limitations.
Because this project is related to spreading the malware to a number of systems and identify
what are the consequences. But spreading the malware to the physical systems is complicated
and it consumes higher cost.
So the researcher needs to use the Virtual machines to do that. So the initial investigation
about the VM platforms considered as the important process. Also, the researcher required to
select the most suited VMware platform for this research from the available options. The detailed
overview of the various VM platforms is already discussed in other parts of the report.
Virtual Machine Installation
Installing the virtual machine is the next process which has to be completed. For that, the
researcher required to download the appropriate software package from reliable resources. After
downloading the software package the researcher required to follow the standard installation
procedure for the software package (Communities.vmware.com, 2018). It depends on the
software package selected. Then the researcher required to complete the installation process.
37
sub-activities present. The key milestones of the project are listed below,
• Initial Analysis
• Virtual Machine Installation
• Esxi Analysis
• DDOS Attacking
• Analyzing the attack
• Developing the Mitigation Strategy
Initial Analysis
Conducting the initial analysis is the first process planned to carry out by the researcher.
In this section, the researcher first starts to analyze the various virtual machine platforms. The
researcher studied the various virtual machine platforms and their capabilities and limitations.
Because this project is related to spreading the malware to a number of systems and identify
what are the consequences. But spreading the malware to the physical systems is complicated
and it consumes higher cost.
So the researcher needs to use the Virtual machines to do that. So the initial investigation
about the VM platforms considered as the important process. Also, the researcher required to
select the most suited VMware platform for this research from the available options. The detailed
overview of the various VM platforms is already discussed in other parts of the report.
Virtual Machine Installation
Installing the virtual machine is the next process which has to be completed. For that, the
researcher required to download the appropriate software package from reliable resources. After
downloading the software package the researcher required to follow the standard installation
procedure for the software package (Communities.vmware.com, 2018). It depends on the
software package selected. Then the researcher required to complete the installation process.
37
ESXi Analysis
ESXi Analysis process consists of two minor activities. And they are the Development of
the virtual environment. ESXi is not the application software, it is the Operating system. So the
Researcher required to install the software on the virtual environment, and then the researcher
required to conduct the research on the virtual platform.
DDOS Attacking
DDOS attacking is the important process of the research work. It can be done in four
stages. And they are described below,
• At first, the researcher required to find the slave system. Slave system is also called a
zombie system. Initially, the infectious element is injected into this system by many techniques
like webpage, mail etc.
• The Second step is to identify the security vulnerabilities of the zombie system. This
process is quite tricky. Here, the researcher required to find these details by pinging the system.
• Then the third process is to communicate the systems connected with the zombie system.
The Researcher does this task by connecting the same network or some other techniques.
• And the final stage is to spread the malware files to many systems. All the target system
acts like the zombie systems. Like the same procedure, the process is continued.
(Here all these activities are done by the virtual platform)
Analyzing the attack
After completing the attack, the researcher required to analyze the effects of the attack.
This process contains three activities in it. The researcher should monitor the various effects of
the attack and consequences. Then the researcher required to measure the impacts and speed of
spreading etc.
Developing the Mitigation Strategy
From the above-found details the researcher required to develop the mitigation strategy
for mitigating the Ransom DDOS attacks.
38
ESXi Analysis process consists of two minor activities. And they are the Development of
the virtual environment. ESXi is not the application software, it is the Operating system. So the
Researcher required to install the software on the virtual environment, and then the researcher
required to conduct the research on the virtual platform.
DDOS Attacking
DDOS attacking is the important process of the research work. It can be done in four
stages. And they are described below,
• At first, the researcher required to find the slave system. Slave system is also called a
zombie system. Initially, the infectious element is injected into this system by many techniques
like webpage, mail etc.
• The Second step is to identify the security vulnerabilities of the zombie system. This
process is quite tricky. Here, the researcher required to find these details by pinging the system.
• Then the third process is to communicate the systems connected with the zombie system.
The Researcher does this task by connecting the same network or some other techniques.
• And the final stage is to spread the malware files to many systems. All the target system
acts like the zombie systems. Like the same procedure, the process is continued.
(Here all these activities are done by the virtual platform)
Analyzing the attack
After completing the attack, the researcher required to analyze the effects of the attack.
This process contains three activities in it. The researcher should monitor the various effects of
the attack and consequences. Then the researcher required to measure the impacts and speed of
spreading etc.
Developing the Mitigation Strategy
From the above-found details the researcher required to develop the mitigation strategy
for mitigating the Ransom DDOS attacks.
38
Planned Schedule for Various Activities
All the above-discussed activities are scheduled to complete the actions effectively. The
proposed schedule which is developed with the intention of reducing the time, required for the
entire project. But the sufficient time for each activity is allotted in this project. The overall time
planned for this project is 30 days.
Within 30 days, there is a number of activities planned to complete. The overall outline
of the project timeline is shown in the figure given below.
39
All the above-discussed activities are scheduled to complete the actions effectively. The
proposed schedule which is developed with the intention of reducing the time, required for the
entire project. But the sufficient time for each activity is allotted in this project. The overall time
planned for this project is 30 days.
Within 30 days, there is a number of activities planned to complete. The overall outline
of the project timeline is shown in the figure given below.
39
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Also, the detailed time frame for the various activities is described in the below-given table.
From the provided table, we can able to identify the various milestones of the project and subtask
of the project and the duration of each activity involved in the project.
Task Name Duration Starting time Finishing time
Initial Analysis 3 days Thu 01-11-18 Mon 05-11-18
Analysis of various
VM platforms
1 day Thu 01-11-18 Thu 01-11-18
Sequence the VM
based on the
requirements
1 day Fri 02-11-18 Fri 02-11-18
Select the appropriate
VM software
1 day Mon 05-11-18 Mon 05-11-18
Virtual Machine
Installation
1.5 days Tue 06-11-18 Wed 07-11-18
Download the
Selected VM software
from reliable sources
0.5 days Tue 06-11-18 Tue 06-11-18
Installation process 1 day Tue 06-11-18 Wed 07-11-18
Esxi Analysis 6 days Wed 07-11-18 Thu 15-11-18
Create the Virtual
Environment
1 day Wed 07-11-18 Thu 08-11-18
Analysis 5 days Thu 08-11-18 Thu 15-11-18
DDoS Attacking 8 days Thu 15-11-18 Tue 27-11-18
Slave system
Selection
1 day Thu 15-11-18 Fri 16-11-18
Identify the 1 day Fri 16-11-18 Mon 19-11-18
40
From the provided table, we can able to identify the various milestones of the project and subtask
of the project and the duration of each activity involved in the project.
Task Name Duration Starting time Finishing time
Initial Analysis 3 days Thu 01-11-18 Mon 05-11-18
Analysis of various
VM platforms
1 day Thu 01-11-18 Thu 01-11-18
Sequence the VM
based on the
requirements
1 day Fri 02-11-18 Fri 02-11-18
Select the appropriate
VM software
1 day Mon 05-11-18 Mon 05-11-18
Virtual Machine
Installation
1.5 days Tue 06-11-18 Wed 07-11-18
Download the
Selected VM software
from reliable sources
0.5 days Tue 06-11-18 Tue 06-11-18
Installation process 1 day Tue 06-11-18 Wed 07-11-18
Esxi Analysis 6 days Wed 07-11-18 Thu 15-11-18
Create the Virtual
Environment
1 day Wed 07-11-18 Thu 08-11-18
Analysis 5 days Thu 08-11-18 Thu 15-11-18
DDoS Attacking 8 days Thu 15-11-18 Tue 27-11-18
Slave system
Selection
1 day Thu 15-11-18 Fri 16-11-18
Identify the 1 day Fri 16-11-18 Mon 19-11-18
40
Vulnerability of the
slave system
Communication 1 day Mon 19-11-18 Tue 20-11-18
Attack 5 days Tue 20-11-18 Tue 27-11-18
Analyzing the Attack 3 days Tue 27-11-18 Fri 30-11-18
Identify the impacts 1 day Tue 27-11-18 Wed 28-11-18
Measure the damages
caused
1 day Wed 28-11-18 Thu 29-11-18
Find the reason behind
the problems
1 day Thu 29-11-18 Fri 30-11-18
Developing the Mitigation
Strategy
8 days Fri 30-11-18 Wed 12-12-18
Cause Identification 3 days Fri 30-11-18 Wed 05-12-18
Finding the methods
to resolve the
problems
5 days Wed 05-12-18 Wed 12-12-18
Activity Sequence Planning
The activities are sequenced by the PERT method. Here, the developed activity plan or activity
sequence for the project is described.
41
slave system
Communication 1 day Mon 19-11-18 Tue 20-11-18
Attack 5 days Tue 20-11-18 Tue 27-11-18
Analyzing the Attack 3 days Tue 27-11-18 Fri 30-11-18
Identify the impacts 1 day Tue 27-11-18 Wed 28-11-18
Measure the damages
caused
1 day Wed 28-11-18 Thu 29-11-18
Find the reason behind
the problems
1 day Thu 29-11-18 Fri 30-11-18
Developing the Mitigation
Strategy
8 days Fri 30-11-18 Wed 12-12-18
Cause Identification 3 days Fri 30-11-18 Wed 05-12-18
Finding the methods
to resolve the
problems
5 days Wed 05-12-18 Wed 12-12-18
Activity Sequence Planning
The activities are sequenced by the PERT method. Here, the developed activity plan or activity
sequence for the project is described.
41
Project Tracking
The project tracking and planning documents are developed using the MS project 2013
software. In this section, the developed Gantt chart for the project is described. By using this
chart, the researcher can able to monitor the activities of the project. This chart also helps the
42
The project tracking and planning documents are developed using the MS project 2013
software. In this section, the developed Gantt chart for the project is described. By using this
chart, the researcher can able to monitor the activities of the project. This chart also helps the
42
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
user for planning the daily activities and tasks. It is also used to measure the deviation between
the actual plan and the current activities carried out.
12. Resources Required
Hardware
One VMWare ESXi system (Intel i3 / 8 GB RAM / 500 GB Hard disk)
43
the actual plan and the current activities carried out.
12. Resources Required
Hardware
One VMWare ESXi system (Intel i3 / 8 GB RAM / 500 GB Hard disk)
43
One VMWare VCENTER system (Intel i3 / 8 GB RAM / 500 GB Hard disk)
One attacking desktop with Kali Linux (Intel i3 / 4 GB / 500 GB Hard disk)
Two windows desktops to test service speed of the attacked system
LAN infrastructure with 100 Mbps network speed
WAN infrastructure with 10 Mbps internet speed
Software
ESXi 6.7
vCenter 6
Windows XP
Kali Linux
Implementation
1) Types of tool:
Here in this project we are used some tools for the implementation part. They are
VMware workstation player ( For booting VMware ESXi server)
VMware ESXi system
Kali Linux and windows XP as a software
Using web access instead of VMware vSphere client
2) Topology:
Bus topology is used here.
3) Performed DDoS attacks
Here we are made totally 8 attacks. They are,
1. Slowloris
44
One attacking desktop with Kali Linux (Intel i3 / 4 GB / 500 GB Hard disk)
Two windows desktops to test service speed of the attacked system
LAN infrastructure with 100 Mbps network speed
WAN infrastructure with 10 Mbps internet speed
Software
ESXi 6.7
vCenter 6
Windows XP
Kali Linux
Implementation
1) Types of tool:
Here in this project we are used some tools for the implementation part. They are
VMware workstation player ( For booting VMware ESXi server)
VMware ESXi system
Kali Linux and windows XP as a software
Using web access instead of VMware vSphere client
2) Topology:
Bus topology is used here.
3) Performed DDoS attacks
Here we are made totally 8 attacks. They are,
1. Slowloris
44
We did Slowloris attack in Kali Linux against VMware ESXi server and other websites.
It is a type of tool presented in the Kali Linux. It is used to attack the target web server. By this
we can send multiple requests to the server. By this action the web server gets hang. And the
operation will get failure.
2. Metasploit
The Metasploit attack is made against the VMware ESXi server. Here SYN flood attack
is launched by this tool. Metasploit is a kind of tool existing in the Kali Linux. Initially the IP
address for the target web server is observed by this tool. This SYN flood target the ESXi server
and affect the server actions. BY providing exploit attack we can launch the attack by this tool.
By making SYN flood attack we can hack the website.
3. Hping3
It is a penetration testing tool existing in the Kali Linux. This attack also done by making
lot of requests to the server. After the execution of the hping3 command the tshark command
will be executed. After made this attack the server will be performed slowly.
4. Goldeneye
It is an attacking tool existing in the Kali Linux. By this attack we can make the website
as unavailable. This goldeneye command is executed with the corresponding IP address. After
this attack the webserver gets struggled to load the webpage. The tshark command is used to
view the packets sent to the target system.
5. XERXES
It is also a Kali Linux attacking tool. This attack also used to make the website as
unavailable. By executing the command we can hack the corresponding web page. This attack
breaks the connection establishment.
6. Pyloris
The Pyloris attack is made here. It is a type of attacking tool existing in the Kali Linux. It
make the attack on corresponding host which is entered by the user. And made the threads. And
attack the connection in the VMware ESXi server.
45
It is a type of tool presented in the Kali Linux. It is used to attack the target web server. By this
we can send multiple requests to the server. By this action the web server gets hang. And the
operation will get failure.
2. Metasploit
The Metasploit attack is made against the VMware ESXi server. Here SYN flood attack
is launched by this tool. Metasploit is a kind of tool existing in the Kali Linux. Initially the IP
address for the target web server is observed by this tool. This SYN flood target the ESXi server
and affect the server actions. BY providing exploit attack we can launch the attack by this tool.
By making SYN flood attack we can hack the website.
3. Hping3
It is a penetration testing tool existing in the Kali Linux. This attack also done by making
lot of requests to the server. After the execution of the hping3 command the tshark command
will be executed. After made this attack the server will be performed slowly.
4. Goldeneye
It is an attacking tool existing in the Kali Linux. By this attack we can make the website
as unavailable. This goldeneye command is executed with the corresponding IP address. After
this attack the webserver gets struggled to load the webpage. The tshark command is used to
view the packets sent to the target system.
5. XERXES
It is also a Kali Linux attacking tool. This attack also used to make the website as
unavailable. By executing the command we can hack the corresponding web page. This attack
breaks the connection establishment.
6. Pyloris
The Pyloris attack is made here. It is a type of attacking tool existing in the Kali Linux. It
make the attack on corresponding host which is entered by the user. And made the threads. And
attack the connection in the VMware ESXi server.
45
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
7. THC-SSL-DOS
This attack is happened against the VMware ESXi server. By enabling this attack we can
hack the website. This attack will terminate the process.
4) Structure diagram
Layout & layers
46
This attack is happened against the VMware ESXi server. By enabling this attack we can
hack the website. This attack will terminate the process.
4) Structure diagram
Layout & layers
46
5) Number of host
Only one host is used here. That is VMware ESXi.
6) Attack will be performed in-between internal VMS or from outside to VMS
47
Only one host is used here. That is VMware ESXi.
6) Attack will be performed in-between internal VMS or from outside to VMS
47
The attack will be performed in-between internal VMS. Because, the DDOS attack is
performed from the Kali Linux virtual machine in order to affect the ESXi virtual machine.
ESXi
The ESXi is represented as a kernel operating systems for accessing the cloud-based
systems. The ESXi 6.7 is considered as the latest version. Here it is installed to configure for
accessing the operating on various virtual machines (Vuletić and Nojković, 2018). The
installation and configuration will be explained. We have installed this ESXi operating system
for the cloud access. In that, we installed the hypervisor software for accessing a virtual
operating system. By creating this virtual operating system we can reduce the vulnerabilities
(Wu, n.d.). Because through the internal firewall, we can reduce the attack, if VM is offline also.
ESXi creation using VMware workstation player
Step 1
The name was given for the virtual machine. This is shown in the above figure.
Step 2
48
performed from the Kali Linux virtual machine in order to affect the ESXi virtual machine.
ESXi
The ESXi is represented as a kernel operating systems for accessing the cloud-based
systems. The ESXi 6.7 is considered as the latest version. Here it is installed to configure for
accessing the operating on various virtual machines (Vuletić and Nojković, 2018). The
installation and configuration will be explained. We have installed this ESXi operating system
for the cloud access. In that, we installed the hypervisor software for accessing a virtual
operating system. By creating this virtual operating system we can reduce the vulnerabilities
(Wu, n.d.). Because through the internal firewall, we can reduce the attack, if VM is offline also.
ESXi creation using VMware workstation player
Step 1
The name was given for the virtual machine. This is shown in the above figure.
Step 2
48
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Space is allocated for the virtual operating system. This is shown in the above figure.
Step 3
The VM will be created. The hardware details are shown in the above figure.
Step 4
49
Step 3
The VM will be created. The hardware details are shown in the above figure.
Step 4
49
The kernel Operating system is in the starting stage. It will boot automatically. This is
shown in the above figure.
Step 5
The Virtual machine kernel loaded successfully. This is shown in the above figure.
Step 6
50
shown in the above figure.
Step 5
The Virtual machine kernel loaded successfully. This is shown in the above figure.
Step 6
50
The installation will start for the ESXi operating system. This is shown in the above
figure.
Step 7
The license for the installation is needed to move further steps. This is shown in the
above figure.
Step 8
51
figure.
Step 7
The license for the installation is needed to move further steps. This is shown in the
above figure.
Step 8
51
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
The storage capacity and the device names are listed in the diagram. This is shown in the
above figure.
Step 9 –The selection of keyboard layout
The US Default keyboard layout is selected. This is shown in the above figure.
Step 10
52
above figure.
Step 9 –The selection of keyboard layout
The US Default keyboard layout is selected. This is shown in the above figure.
Step 10
52
The root password is given for the ESXi operating system. This is shown in the above
figure.
Step 11- Final step of the installation procedure
By pressing F11, the installation of ESXi will be started. This is shown in the above
figure.
Step 12 – Installing…
53
figure.
Step 11- Final step of the installation procedure
By pressing F11, the installation of ESXi will be started. This is shown in the above
figure.
Step 12 – Installing…
53
The installation process of ESXi is going on. The above figure shows this.
Step 13- completed and rebooting stage
Installation is completed. By pressing ‘Enter’, the system will be rebooted. The above
figure shows this.
54
Step 13- completed and rebooting stage
Installation is completed. By pressing ‘Enter’, the system will be rebooted. The above
figure shows this.
54
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
After completing the installation, we can access the VMware ESXi through the
hypervisor. The username and the password are given for the VMware ESXi (Ranjan et al.,
2009). It contains the root users. For this, initially, we need to provide the IP address regarding
the ESXi virtual operating systems. The local domain, the CPU usage, and memory are displayed
through web access.
Create Virtual Machines using vSphere in ESXi
VMware vSphere Client is a windows application. It is used to connect to the VMware products,
for example, ESXi Server. The installation steps for VMware vSphere Client is listed below.
1. From the VMware site, download VMware vSphere Client
2. To install VMware vSphere Client, double-click on it.
3. Choose language and click ‘OK’. This shown in the below figure.
4. The installation wizard for VMware vSphere Client will be opened. Click ‘Next’. This is
shown in the below figure.
55
hypervisor. The username and the password are given for the VMware ESXi (Ranjan et al.,
2009). It contains the root users. For this, initially, we need to provide the IP address regarding
the ESXi virtual operating systems. The local domain, the CPU usage, and memory are displayed
through web access.
Create Virtual Machines using vSphere in ESXi
VMware vSphere Client is a windows application. It is used to connect to the VMware products,
for example, ESXi Server. The installation steps for VMware vSphere Client is listed below.
1. From the VMware site, download VMware vSphere Client
2. To install VMware vSphere Client, double-click on it.
3. Choose language and click ‘OK’. This shown in the below figure.
4. The installation wizard for VMware vSphere Client will be opened. Click ‘Next’. This is
shown in the below figure.
55
5. Accept the license and click ‘Next’. This is shown in the below figure.
6. Select desired destination location and press ‘Next’. This is shown in the below snapshot.
56
6. Select desired destination location and press ‘Next’. This is shown in the below snapshot.
56
7. By clicking ‘Install’ button, the installation of VMware vSphere Client will begin. This is
shown in the below snapshot.
8. Log in with the VMware vSphere Client by using IP address, username, and password.
This is shown in the below snapshot.
57
shown in the below snapshot.
8. Log in with the VMware vSphere Client by using IP address, username, and password.
This is shown in the below snapshot.
57
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
The virtual machines can be created using VMware vSphere Client (Seget, 2018). The steps for
creating Virtual machines are given below.
To configure virtual machines, the user interface in the vSphere Clients needs to be used.
Automatically, the RAM and CPU will be detected and it can be assigned.
Click ESXi machine.
Go to Configuration Storage and click ‘Confirm’ button.
To create a Virtual machine, File New Virtual Machines.
Choose any one of the following options. Typical options and Custom options.
Set name and location for the virtual machine.
Assign data store.
Set Guest Operating System.
Enter the number of NICs want to use.
Set how much storage space needed for the virtual machine.
After setting those things, confirm them.
The virtual machine will be created.
58
creating Virtual machines are given below.
To configure virtual machines, the user interface in the vSphere Clients needs to be used.
Automatically, the RAM and CPU will be detected and it can be assigned.
Click ESXi machine.
Go to Configuration Storage and click ‘Confirm’ button.
To create a Virtual machine, File New Virtual Machines.
Choose any one of the following options. Typical options and Custom options.
Set name and location for the virtual machine.
Assign data store.
Set Guest Operating System.
Enter the number of NICs want to use.
Set how much storage space needed for the virtual machine.
After setting those things, confirm them.
The virtual machine will be created.
58
The virtual machines can also be created by using Web access in ESXi (Pen-testing.sans.org,
2018). After installing the ESXi server, it gives the IP address for web access (Mukhopadhyay,
Goswami and Mandal, 2014). From this, the tools can be downloaded which is used for
managing the host. By using this IP address, the virtual machines can be created. This is
explained below in detail with appropriate screenshots.
Enter username and password to log in. This is shown in the below snapshot.
After login, the below-given screen will have appeared. The details about the host such as
hardware, system information, configuration, storage, CPU and memory capacity are given in the
Host tab. Initially, the host in a maintenance mode. To change it to the normal mode, go to
‘Actions’ and select ‘Exit maintenance mode’.
59
2018). After installing the ESXi server, it gives the IP address for web access (Mukhopadhyay,
Goswami and Mandal, 2014). From this, the tools can be downloaded which is used for
managing the host. By using this IP address, the virtual machines can be created. This is
explained below in detail with appropriate screenshots.
Enter username and password to log in. This is shown in the below snapshot.
After login, the below-given screen will have appeared. The details about the host such as
hardware, system information, configuration, storage, CPU and memory capacity are given in the
Host tab. Initially, the host in a maintenance mode. To change it to the normal mode, go to
‘Actions’ and select ‘Exit maintenance mode’.
59
To add or create a new virtual machine, ‘Virtual Machines’ tab is used. 1. This is shown in the
below snapshot.
In this tab, select ‘Create/Register VM’. A new virtual machine window will appear.
60
below snapshot.
In this tab, select ‘Create/Register VM’. A new virtual machine window will appear.
60
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
In this window, select a creation type of the virtual machine. Here, select ‘Create a New Virtual
Machine’ and then click ‘Next’. This is shown in the below snapshot.
After that, enter a name and select compatibility, Guest OS family and Guest OS version. Then
click ‘Next’. This is shown in the below snapshot.
61
Machine’ and then click ‘Next’. This is shown in the below snapshot.
After that, enter a name and select compatibility, Guest OS family and Guest OS version. Then
click ‘Next’. This is shown in the below snapshot.
61
Then Select the storage and press ‘Next’. This is shown in the below snapshot.
In the Customize Settings, under the Virtual hardware select number of CPU and enter Memory
and Hard disk size. Then press ‘Next’. The below figure shows this.
62
In the Customize Settings, under the Virtual hardware select number of CPU and enter Memory
and Hard disk size. Then press ‘Next’. The below figure shows this.
62
After that, Click ‘Finish’. Then, a new Virtual machine will be created. The below figure shows
this.
Windows XP – Virtual Machine creation
The Windows XP is virtually installed on the ESXi server. To create a virtual machine
for Windows XP, click ‘Create/Register VM’ under the Virtual Machines option. After that,
select the creation type of ‘Create a new virtual machine’ from the appeared screen. Click
‘Next’.
Then the below-given screen will appear. In that screen, enter the name for the virtual
machine (Moreno and Reddy, 2006). Here, ‘windows xp’ is given as a name. The compatibility
is ESXi 6.7 virtual machine, Guest OS family is Windows and the Guest OS version is Microsoft
Windows XP Professional (64-bit).
After entering those, click ‘Next’. The below figure shows the second step in the creation
of virtual machine of Windows XP in the ESXi server.
63
this.
Windows XP – Virtual Machine creation
The Windows XP is virtually installed on the ESXi server. To create a virtual machine
for Windows XP, click ‘Create/Register VM’ under the Virtual Machines option. After that,
select the creation type of ‘Create a new virtual machine’ from the appeared screen. Click
‘Next’.
Then the below-given screen will appear. In that screen, enter the name for the virtual
machine (Moreno and Reddy, 2006). Here, ‘windows xp’ is given as a name. The compatibility
is ESXi 6.7 virtual machine, Guest OS family is Windows and the Guest OS version is Microsoft
Windows XP Professional (64-bit).
After entering those, click ‘Next’. The below figure shows the second step in the creation
of virtual machine of Windows XP in the ESXi server.
63
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Then, select a storage and customize settings according to the needs (Mishra, 2018). In
the customize settings, under the virtual hardware tab, the number of CPU is entered as 1,
memory size is entered as 256 MB and the size of the hard disk 1 is entered as 8 GB. After that,
press ‘Next’. The fourth step (Customize settings) in the creation of virtual machine of Windows
XP in the ESXi server is shown in the below figure.
64
the customize settings, under the virtual hardware tab, the number of CPU is entered as 1,
memory size is entered as 256 MB and the size of the hard disk 1 is entered as 8 GB. After that,
press ‘Next’. The fourth step (Customize settings) in the creation of virtual machine of Windows
XP in the ESXi server is shown in the below figure.
64
Confirm the settings before going to create the virtual machine. Then press ‘Finish’. The
final confirmation step in the creation of virtual machine of Windows XP in the ESXi server is
shown in the below figure.
65
final confirmation step in the creation of virtual machine of Windows XP in the ESXi server is
shown in the below figure.
65
The Windows XP virtual machine is created.
The initial loading of the Windows XP virtual machine is shown below.
66
The initial loading of the Windows XP virtual machine is shown below.
66
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Kali Linux – Virtual Machine creation
The Kali Linux is virtually installed on the ESXi server (Maynor and Mookhey, 2007).
To create a virtual machine of Kali Linux, click ‘Create/Register VM’ under the Virtual
Machines option. After that, select the creation type of ‘Create a new virtual machine’ from the
appeared screen. Click ‘Next’.
Then, the below-given screen will be appeared (Mills, 2015). In that screen, enter the
name for the virtual machine. Here, ‘Kali Linux’ is given as the name for the virtual machine.
The compatibility is ESXi 6.7 virtual machine, Guest OS family is Linux and the Guest OS
version is Debian GNU Linux 6 (64-bit).
After entering those, press ‘Next’. The below figure shows the second step in the creation
of the virtual machine of Kali Linux in the ESXi.
67
The Kali Linux is virtually installed on the ESXi server (Maynor and Mookhey, 2007).
To create a virtual machine of Kali Linux, click ‘Create/Register VM’ under the Virtual
Machines option. After that, select the creation type of ‘Create a new virtual machine’ from the
appeared screen. Click ‘Next’.
Then, the below-given screen will be appeared (Mills, 2015). In that screen, enter the
name for the virtual machine. Here, ‘Kali Linux’ is given as the name for the virtual machine.
The compatibility is ESXi 6.7 virtual machine, Guest OS family is Linux and the Guest OS
version is Debian GNU Linux 6 (64-bit).
After entering those, press ‘Next’. The below figure shows the second step in the creation
of the virtual machine of Kali Linux in the ESXi.
67
After that, select the storage for the virtual machine. Then customize the settings to fulfill
the requirements. Under the virtual hardware section in the customize settings screen, CPU, hard
disk size and memory size is entered. After customizing the settings, confirm them and press
‘Finish’ to start the installation of Kali Linux Virtual Machine in the ESXi. The below figure
shows the confirmation stage which is the final step in the creation of virtual machine of Kali
Linux in the ESXi.
The Kali Linux Virtual Machine is installing. It is shown in the below screenshot.
68
the requirements. Under the virtual hardware section in the customize settings screen, CPU, hard
disk size and memory size is entered. After customizing the settings, confirm them and press
‘Finish’ to start the installation of Kali Linux Virtual Machine in the ESXi. The below figure
shows the confirmation stage which is the final step in the creation of virtual machine of Kali
Linux in the ESXi.
The Kali Linux Virtual Machine is installing. It is shown in the below screenshot.
68
13. DDoS attacks using Kali Linux and its Test Results
There are many tools available in the Kali Linux to perform penetration testing on the target
network or the target system or server (Yeah Hub, 2018). The following tools are used to
perform the DDoS attacks from the Kali Linux (Sowells et al., 2018).
1. EtherApe
2. Metasploit
3. Slowloris
4. LOIC (Low Orbit Ion Canon)
5. THC-SSL-DoS
6. GoldenEye
7. Pyloris
8. Hping3
EtherApe:
This tool is used to perform the DDoS website attack.
In Kali Linux, run EtherApe by using the following command.
Run service tor
Download goldeneye and unzip it.
After that, launch the attack.
69
There are many tools available in the Kali Linux to perform penetration testing on the target
network or the target system or server (Yeah Hub, 2018). The following tools are used to
perform the DDoS attacks from the Kali Linux (Sowells et al., 2018).
1. EtherApe
2. Metasploit
3. Slowloris
4. LOIC (Low Orbit Ion Canon)
5. THC-SSL-DoS
6. GoldenEye
7. Pyloris
8. Hping3
EtherApe:
This tool is used to perform the DDoS website attack.
In Kali Linux, run EtherApe by using the following command.
Run service tor
Download goldeneye and unzip it.
After that, launch the attack.
69
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Metasploit:
It is a penetration testing tool
It allows the users to find, exploit and validate vulnerabilities in the system.
SYN flood attack can be launched by using this tool.
For this, the following command is used.
To launch the attack using the Metasploit tool, the ‘msfconsole’ command is used.
After that, in the msfconsole, type ‘use auxiliary/dos/tcp/synflood’ command.
Then type ‘show options’ to view all the options with the auxiliary in a list format.
Set target address (RHOST) by using
And then type ‘exploit’. The ‘exploit’ command is used to launch the attack.
Set port number (RPORT) by using
And then type ‘exploit’ which is used to launch the attack
The SYN flood will be started on the target machine. By using Wireshark in the target
machine, it will be found that how many packets are hit the target machine during the
SYN Flood attack.
Slowloris:
It is an effective tool to launch the DoS attack.
It sends partial HTTP requests. The web server connections will be opened until this
partial request is completed.
It opens multiple connections in the target web server and keeps them open as long as
possible.
This needs only a minimum amount of bandwidth for implementation.
It only affects the web server of the target.
In Kali Linux,
Download slowloris tool and use the following commands in the terminal window.
70
It is a penetration testing tool
It allows the users to find, exploit and validate vulnerabilities in the system.
SYN flood attack can be launched by using this tool.
For this, the following command is used.
To launch the attack using the Metasploit tool, the ‘msfconsole’ command is used.
After that, in the msfconsole, type ‘use auxiliary/dos/tcp/synflood’ command.
Then type ‘show options’ to view all the options with the auxiliary in a list format.
Set target address (RHOST) by using
And then type ‘exploit’. The ‘exploit’ command is used to launch the attack.
Set port number (RPORT) by using
And then type ‘exploit’ which is used to launch the attack
The SYN flood will be started on the target machine. By using Wireshark in the target
machine, it will be found that how many packets are hit the target machine during the
SYN Flood attack.
Slowloris:
It is an effective tool to launch the DoS attack.
It sends partial HTTP requests. The web server connections will be opened until this
partial request is completed.
It opens multiple connections in the target web server and keeps them open as long as
possible.
This needs only a minimum amount of bandwidth for implementation.
It only affects the web server of the target.
In Kali Linux,
Download slowloris tool and use the following commands in the terminal window.
70
Open a new terminal window. For example, enter ‘ping google.com’. The IP address of the
google.com will be obtained.
Use this IP address in the terminal window 1 to perform a DoS attack.
LOIC (Low Orbit Ion Canon):
It is used to launch the DoS attacks (HACK IS ON, 2018).
This tool is used to send the junk of ICMP or UDP packets to the target system.
This tool can open up to 256 simultaneous attack sessions at the same time
(www.digitraptor.com, 2018).
It is also a network stress testing tool.
THC-SSL-DoS:
This is a built-in tool of the Kali Linux.
This tool is used to launch the DDoS attack.
It does not need huge bandwidth.
The attack can be conducted within a single system
This tool attacks the vulnerabilities present in the SSL.
And brings the server down.
GoldenEye:
It is one of the tools in the Kali Linux.
It is a python application which is used for the security testing purpose only.
It has the capability to bring the target web server down.
Pyloris:
It is a testing tool.
It is used to perform DOS attack on servers.
71
google.com will be obtained.
Use this IP address in the terminal window 1 to perform a DoS attack.
LOIC (Low Orbit Ion Canon):
It is used to launch the DoS attacks (HACK IS ON, 2018).
This tool is used to send the junk of ICMP or UDP packets to the target system.
This tool can open up to 256 simultaneous attack sessions at the same time
(www.digitraptor.com, 2018).
It is also a network stress testing tool.
THC-SSL-DoS:
This is a built-in tool of the Kali Linux.
This tool is used to launch the DDoS attack.
It does not need huge bandwidth.
The attack can be conducted within a single system
This tool attacks the vulnerabilities present in the SSL.
And brings the server down.
GoldenEye:
It is one of the tools in the Kali Linux.
It is a python application which is used for the security testing purpose only.
It has the capability to bring the target web server down.
Pyloris:
It is a testing tool.
It is used to perform DOS attack on servers.
71
For performing this attack, it uses SSL connection and SOCKS proxies (networklibrary,
2018).
Different kinds of protocols such as Telnet, FTP, SMTP, HTTP, and IMAP can be
targeted by this tool.
This tool directly attacks the service (Server).
hping3:
It is a network tool.
It has the ability to send the custom TCP/IP packets.
It also displays the target replies just like ping command.
It is also used to create a flood in the target system which in turn leads to the DDoS
attack.
To install hping3 on the Kali Linux, use ‘sudo apt-get install hping3’ command.
‘hping3 -S --flood -V <example.com>’ command is used to perform SYN flood on the
target web server.
DDoS attack using Metasploit tool
72
2018).
Different kinds of protocols such as Telnet, FTP, SMTP, HTTP, and IMAP can be
targeted by this tool.
This tool directly attacks the service (Server).
hping3:
It is a network tool.
It has the ability to send the custom TCP/IP packets.
It also displays the target replies just like ping command.
It is also used to create a flood in the target system which in turn leads to the DDoS
attack.
To install hping3 on the Kali Linux, use ‘sudo apt-get install hping3’ command.
‘hping3 -S --flood -V <example.com>’ command is used to perform SYN flood on the
target web server.
DDoS attack using Metasploit tool
72
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Nmap command is used to find the open ports in the target. In Kali Linux, using the
nmap command, the open ports in the target system of 192.168.147.1/24 are found.
73
nmap command, the open ports in the target system of 192.168.147.1/24 are found.
73
Open a new terminal and go to msf console (Metasploit Penetration Testing Cookbook, 2013).
In the msf console, enter ‘msfupdate’
74
In the msf console, enter ‘msfupdate’
74
By using ‘search name: vmware type: exploit’ command, the below- given result is obtained.
The ‘Exploit’ command is used to launch the attack on the target system (Chandel, 2018).
Enter ‘use auxiliary/admin/vmware/terminate_esx_sessions’ in msf console and then use ‘show
options’ command to view the module options. The result of the ‘show options’ command is
shown in the below two screenshots.
75
The ‘Exploit’ command is used to launch the attack on the target system (Chandel, 2018).
Enter ‘use auxiliary/admin/vmware/terminate_esx_sessions’ in msf console and then use ‘show
options’ command to view the module options. The result of the ‘show options’ command is
shown in the below two screenshots.
75
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
DDoS attack using hping3 tool
In Kali Linux, hping3 is one of the penetration testing tools. To perform a DDoS attack in the
target system or server, the hping3 is used (Extreme Hacking | Sadik Shaikh | Cyber Suraksha
Abhiyan | Hackers Charity, 2018). Here, the hping is in a flood mode. To achieve this, the
following command is used.
76
In Kali Linux, hping3 is one of the penetration testing tools. To perform a DDoS attack in the
target system or server, the hping3 is used (Extreme Hacking | Sadik Shaikh | Cyber Suraksha
Abhiyan | Hackers Charity, 2018). Here, the hping is in a flood mode. To achieve this, the
following command is used.
76
After that, so many TCP packets are sent to the target server or system in order to exhaust them.
By using the following command, how many packets are sent to the target can be found.
Open a new terminal and enter the above command to view the following screen.
In the main terminal, how many packets are transmitted to the target will be shown. Here,
8165709 packets are sent to the target system. It is shown below.
77
By using the following command, how many packets are sent to the target can be found.
Open a new terminal and enter the above command to view the following screen.
In the main terminal, how many packets are transmitted to the target will be shown. Here,
8165709 packets are sent to the target system. It is shown below.
77
SYN flood attack using Kali Linux Tool
In the msf auxiliary console of the Kali Linux, set a target host. In that target host, the SYN flood
attack will be imposed. After that enter ‘exploit’ command to launch the attack on the target.
The target server is down or it takes more time to load. So, it is verified that the SYN flood
attack is successfully performed. It is shown in the below – given figure.
After stopping the SYN flood attack, the target will be loaded. That means the target server has
come to upstate. It is shown in the below figure.
78
In the msf auxiliary console of the Kali Linux, set a target host. In that target host, the SYN flood
attack will be imposed. After that enter ‘exploit’ command to launch the attack on the target.
The target server is down or it takes more time to load. So, it is verified that the SYN flood
attack is successfully performed. It is shown in the below – given figure.
After stopping the SYN flood attack, the target will be loaded. That means the target server has
come to upstate. It is shown in the below figure.
78
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Another example of this SYN flood attack is described below.
The web server of www.stealmylogin.com is used here as a target server. Initially, this target
server is in a UP state. It is shown below.
79
The web server of www.stealmylogin.com is used here as a target server. Initially, this target
server is in a UP state. It is shown below.
79
In the Kali Linux, the SYN flood is exploited on the target web-server of www.stealmylogin.com
by using the ‘set RHOST’ and ‘exploit’ command.
The SYN flood attack is launched on the target web server.
After that, for the confirmation of the SYN flood attack, the target web server is loaded again.
But the service is not available. So, it is verified that the SYN flood attack on the web server is
successfully implemented.
DDoS attack using Goldeneye tool
In the Kali Linux, git clone command is used to target an existing repository and used to create a
clone, or a copy of the target repository (Chomatin.blogspot.com, 2018). The Goldeneye is
cloned. It is shown below.
80
by using the ‘set RHOST’ and ‘exploit’ command.
The SYN flood attack is launched on the target web server.
After that, for the confirmation of the SYN flood attack, the target web server is loaded again.
But the service is not available. So, it is verified that the SYN flood attack on the web server is
successfully implemented.
DDoS attack using Goldeneye tool
In the Kali Linux, git clone command is used to target an existing repository and used to create a
clone, or a copy of the target repository (Chomatin.blogspot.com, 2018). The Goldeneye is
cloned. It is shown below.
80
The tshark command is used to view the packets sent to the target system.
81
81
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
The goldeneye directory is opened. The google.com web server is accessed.
The results of the goldeneye penetration testing are shown below. All the process in the target
web server is killed.
82
The results of the goldeneye penetration testing are shown below. All the process in the target
web server is killed.
82
Another example for the DDoS attack using Goldeneye tool is shown below. The IP address of
the target is entered.
After that, all the process in that target is killed. And the target server goes down. It is verified by
the obtained message of ‘Server may be DOWN!’ The following two figures show this process.
83
the target is entered.
After that, all the process in that target is killed. And the target server goes down. It is verified by
the obtained message of ‘Server may be DOWN!’ The following two figures show this process.
83
The tshark command is used to view the packets sent to the target system. The below – given
screenshot shows the results which are captured by using the tshark command.
84
screenshot shows the results which are captured by using the tshark command.
84
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
DDoS attack using XERXES tool
In the Kali Linux, git clone command is used to target an existing repository and also used to
create a clone, or copy of the target repository. The Xerxes is cloned (GBHackers On Security,
2018). It is shown below. The ‘ls' command is used to view the directories. The ‘cd xerxes/’
command is used to go to the Xerxes directory. The folders in the Xerxes directory are viewed
using ‘ls’ command.
The following website is used to check whether the target server is up or down. That is
‘www.isitdownrightnow.com’
85
In the Kali Linux, git clone command is used to target an existing repository and also used to
create a clone, or copy of the target repository. The Xerxes is cloned (GBHackers On Security,
2018). It is shown below. The ‘ls' command is used to view the directories. The ‘cd xerxes/’
command is used to go to the Xerxes directory. The folders in the Xerxes directory are viewed
using ‘ls’ command.
The following website is used to check whether the target server is up or down. That is
‘www.isitdownrightnow.com’
85
Here, the target website is www.stealmylogin.com. It is attacked using the Xerxes. After that,
this target website server name is paste into the isitdownrightnow.com and checked whether the
server is down or up. It shows that the server is down right now.
DDoS attack using slowloris tool
Open Kali Linux and clone slowloris.pl, slowloris.py and hulk in separate terminals. In the
slowloris terminal, go to slowloris directory (Saroh and Saroh, 2018). And enter the following
command to perform the attack. That is ‘python3 slowloris.py <target website>’. It is shown
below. Press enter to start the attack.
86
this target website server name is paste into the isitdownrightnow.com and checked whether the
server is down or up. It shows that the server is down right now.
DDoS attack using slowloris tool
Open Kali Linux and clone slowloris.pl, slowloris.py and hulk in separate terminals. In the
slowloris terminal, go to slowloris directory (Saroh and Saroh, 2018). And enter the following
command to perform the attack. That is ‘python3 slowloris.py <target website>’. It is shown
below. Press enter to start the attack.
86
In the slowloris.pl terminal, go to slowloris directory. And enter the following command to
perform the attack. That is ‘perl slowloris.pl -dns <target website> -options’. It is shown below.
Press enter to start the attack.
In the slowloris.pl, go to hulk directory. And enter the following command to perform the attack.
That is ‘python hulk.py <target website>’. It is shown below. Press enter to start the attack.
87
perform the attack. That is ‘perl slowloris.pl -dns <target website> -options’. It is shown below.
Press enter to start the attack.
In the slowloris.pl, go to hulk directory. And enter the following command to perform the attack.
That is ‘python hulk.py <target website>’. It is shown below. Press enter to start the attack.
87
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
After that, reload the target website. But, it is temporarily unavailable. It is shown in the below
figure.
Another example of this attack is given below.
Enter the following command to perform an attack on the ESXi server by using slowloris tool.
That is ‘python3 slowloris.py <target ESXi server>’. It is shown below. Press enter to start the
attack.
In the slowloris.pl, go to hulk directory. And enter the following command to perform the attack.
That is ‘python hulk.py <target ESXi server>’. It is shown below. Press enter to start the attack.
88
figure.
Another example of this attack is given below.
Enter the following command to perform an attack on the ESXi server by using slowloris tool.
That is ‘python3 slowloris.py <target ESXi server>’. It is shown below. Press enter to start the
attack.
In the slowloris.pl, go to hulk directory. And enter the following command to perform the attack.
That is ‘python hulk.py <target ESXi server>’. It is shown below. Press enter to start the attack.
88
In the slowloris.pl, go to slowloris directory. And enter the following command to perform the
attack. That is ‘perl slowloris.pl -dns <target ESXi server> -options’. It is shown below. Press
enter to start the attack.
The target server takes more time to load and there is a delay in providing service. This is shown
below.
89
attack. That is ‘perl slowloris.pl -dns <target ESXi server> -options’. It is shown below. Press
enter to start the attack.
The target server takes more time to load and there is a delay in providing service. This is shown
below.
89
DDoS attack using Pyloris
In Kali Linux, go to Pyloris directory (Motoma.io, 2018). And using ‘ls’ command, view the
folders in that directory. If there is a pyloris.py, then use ‘python pyloris.py’ command.
Open a new terminal. Use the ping command to obtain the target server IP address.
90
In Kali Linux, go to Pyloris directory (Motoma.io, 2018). And using ‘ls’ command, view the
folders in that directory. If there is a pyloris.py, then use ‘python pyloris.py’ command.
Open a new terminal. Use the ping command to obtain the target server IP address.
90
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
After that, enter the target IP address in the host and enter the port number. Then Click ‘Launch’.
The below-given window will appear.
The status of the target host is listed. The below-given screenshot shows that.
91
The below-given window will appear.
The status of the target host is listed. The below-given screenshot shows that.
91
The IP address of the ESXi server is entered in the host and also the port number. After that,
enter ‘Launch’.
The status of the target ESXi server is displayed. It is shown below.
92
enter ‘Launch’.
The status of the target ESXi server is displayed. It is shown below.
92
DDoS attack using THC-SSL-DOS tool
The ping command is used to find the IP address of the target website (thehackerschoice, 2018).
It is shown below.
Open new terminal and enter the following command.
thc-ssl-dos <target IP> --accept
93
The ping command is used to find the IP address of the target website (thehackerschoice, 2018).
It is shown below.
Open new terminal and enter the following command.
thc-ssl-dos <target IP> --accept
93
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
The thc-ssl-dos attack is launched. The target website cannot be reached because of this attack.
This is shown in the below figure.
Enter the ESXi server IP in the following command as a target IP.
thc-ssl-dos <target IP> --accept
94
This is shown in the below figure.
Enter the ESXi server IP in the following command as a target IP.
thc-ssl-dos <target IP> --accept
94
Because of the attack imposed on the ESXi server, it is hanged. All its process are going down.
Reload the ESXi server. But the service is not available and it also does not load.
95
Reload the ESXi server. But the service is not available and it also does not load.
95
Prevention against various DDoS attack
Against hping3
Here, the prevention is established against the DDoS attack. Normally, the hping3 tool is
used to make the continuous request to the server. Because of this activity, the server will hang.
So, by adding the TCP SYN flood protection commands into the configuration file, we can make
the prevention against DDoS attack caused by hping3. After adding the commands, the server
will relief and access properly. The screenshots are added for the execution of the protection
mechanism.
96
Against hping3
Here, the prevention is established against the DDoS attack. Normally, the hping3 tool is
used to make the continuous request to the server. Because of this activity, the server will hang.
So, by adding the TCP SYN flood protection commands into the configuration file, we can make
the prevention against DDoS attack caused by hping3. After adding the commands, the server
will relief and access properly. The screenshots are added for the execution of the protection
mechanism.
96
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Vulnerability scanning
Vulnerability scanning is used to check if the website has any vulnerable. From this
scanning, we can ensure whether the website is attacked or not. And also able to make the
solution corresponding to the available vulnerabilities. Here we are delivered two techniques to
check the website vulnerability.
1. REDHAWK
Using this redhawk, we checked the vulnerability of ESXi server and another website.
First, we downloaded the packages regarding the REDHAWK. Then it is executed by running
the php command.
97
Vulnerability scanning is used to check if the website has any vulnerable. From this
scanning, we can ensure whether the website is attacked or not. And also able to make the
solution corresponding to the available vulnerabilities. Here we are delivered two techniques to
check the website vulnerability.
1. REDHAWK
Using this redhawk, we checked the vulnerability of ESXi server and another website.
First, we downloaded the packages regarding the REDHAWK. Then it is executed by running
the php command.
97
98
Here the website is analyzed by using the redhawk technique. We found the results. The
SQL scanner method is implemented. It is not vulnerable. From these results, we can ensure that
there are no vulnerabilities present on the website.
99
SQL scanner method is implemented. It is not vulnerable. From these results, we can ensure that
there are no vulnerabilities present on the website.
99
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Vulnerability analysis of ESXi server URL
The same redhawk technique is used here to analyze the vulnerability of the ESXi server
URL. First, the URL of the server is entered and then it will show the options to make the
scanning. So, by selecting the SQL scanner, we received the message such as there is no
vulnerable.
100
The same redhawk technique is used here to analyze the vulnerability of the ESXi server
URL. First, the URL of the server is entered and then it will show the options to make the
scanning. So, by selecting the SQL scanner, we received the message such as there is no
vulnerable.
100
2. Vulnerability scanning using uniscan technique
Here, the uniscan technique is established to show the vulnerability of a particular
website. Here, we checked the vulnerability of ESXi server URL and got the results. Initially, the
update is made for the uniscan technique. First, we entered the IP of the corresponding ESXi
server. It shows the bing results. Also, the ignored files on the website are shown.
101
Here, the uniscan technique is established to show the vulnerability of a particular
website. Here, we checked the vulnerability of ESXi server URL and got the results. Initially, the
update is made for the uniscan technique. First, we entered the IP of the corresponding ESXi
server. It shows the bing results. Also, the ignored files on the website are shown.
101
102
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
103
From these analyses, we got the vulnerability results of the corresponding ESXi server. It
shows the vulnerability less than 1.
Required Countermeasures
The DDoS attacks on the target web server and the target system can be reduced or avoided by
implementing the following countermeasures. These are the common countermeasures used for
mitigation. By using these countermeasures, the DDoS attacks on the cloud-based systems can
be reduced or minimized.
104
shows the vulnerability less than 1.
Required Countermeasures
The DDoS attacks on the target web server and the target system can be reduced or avoided by
implementing the following countermeasures. These are the common countermeasures used for
mitigation. By using these countermeasures, the DDoS attacks on the cloud-based systems can
be reduced or minimized.
104
1. The LOIC attack is mitigated by limiting ICMP and UDP packets. And the limitation of
how many packets can be delivered and send to the client will prevent the target from the
DoS attack.
2. By decreasing the Per-IP connection rate, the LOIC attacks can be mitigated.
3. By using intrusion detection systems (IDS) the DDoS attacks can be detected and the
intrusion protection systems (IPS) is used to prevent the target from the DDoS attacks.
4. Web-application firewalls (WAF) are used to prevent the target web server from the
DDoS attacks. The external firewalls must have the following filters. They are egress
filter, address filter, and ingress filter. By using access control lists and firewalls, the user
can control what traffic can reach the user’s application.
5. Tweak Connection per IP threshold.
6. Usage of strong anti-spyware and anti-virus software in the system with internet
connectivity will avoid the DDoS attacks and prevent the system from the attack.
7. To verify the source address, implement reverse DNS lookup. It also prevents the system
from attack.
8. Filters are used to block the unwanted traffic. It can be used to minimize the effect of the
DDoS attack. By implementing the filter closer to the source will reduce the bandwidth
used by the attackers.
9. Usage of cloud mitigation providers will reduce the DDoS attacks.
10. A cloud-based anti-DDoS solution is used to filter the malicious DDoS traffic.
11. Hardening of the machines/ system will help to prevent the target system or server from
the DDoS attack.
12. To avoid the loss because of the DDoS attacks, regularly back up the data on the system
or a server.
13. Update the software whenever the software update is needed. Always run a software with
its latest version.
14. By using pattern of the flow entries and the handling mechanism, the DDoS attacks can
be detected and mitigated. Use IDS and NIDS. It is known as the defense against layer-4
DDoS attacks.
15. The defense against layer-7 DDoS attacks is, only the complete HTTP requests are
acceptable in the target server or the system.
105
how many packets can be delivered and send to the client will prevent the target from the
DoS attack.
2. By decreasing the Per-IP connection rate, the LOIC attacks can be mitigated.
3. By using intrusion detection systems (IDS) the DDoS attacks can be detected and the
intrusion protection systems (IPS) is used to prevent the target from the DDoS attacks.
4. Web-application firewalls (WAF) are used to prevent the target web server from the
DDoS attacks. The external firewalls must have the following filters. They are egress
filter, address filter, and ingress filter. By using access control lists and firewalls, the user
can control what traffic can reach the user’s application.
5. Tweak Connection per IP threshold.
6. Usage of strong anti-spyware and anti-virus software in the system with internet
connectivity will avoid the DDoS attacks and prevent the system from the attack.
7. To verify the source address, implement reverse DNS lookup. It also prevents the system
from attack.
8. Filters are used to block the unwanted traffic. It can be used to minimize the effect of the
DDoS attack. By implementing the filter closer to the source will reduce the bandwidth
used by the attackers.
9. Usage of cloud mitigation providers will reduce the DDoS attacks.
10. A cloud-based anti-DDoS solution is used to filter the malicious DDoS traffic.
11. Hardening of the machines/ system will help to prevent the target system or server from
the DDoS attack.
12. To avoid the loss because of the DDoS attacks, regularly back up the data on the system
or a server.
13. Update the software whenever the software update is needed. Always run a software with
its latest version.
14. By using pattern of the flow entries and the handling mechanism, the DDoS attacks can
be detected and mitigated. Use IDS and NIDS. It is known as the defense against layer-4
DDoS attacks.
15. The defense against layer-7 DDoS attacks is, only the complete HTTP requests are
acceptable in the target server or the system.
105
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
14. Deliverables
The followings are the deliverables of this project.
Project plan developed in MSProject 2013
Literature review on DDoS attack and prevention steps.
Literature review on Ransom DDoS attack
The Literature review of VMware products, ESXi 6.5 server, VCenter 6
VMWare setup design document
Ransom DDoS attacks on cloud-based systems’ result reports
Countermeasures for the Ransom DDoS attacks investigation reports
Experimental setup report and conclusion report
Test Results
15. Conclusion
In this project, various types of DDoS attacks and Ransom DDoS attacks are explained in
detail. The VMware based infrastructure products and services are explained. The ESXi and
vSphere are explained in detail and their installation steps are shown with the respective
screenshots. The aim and the objective of the project are clearly explained. The methodology is
defined regarding the problem. The countermeasures of distributed denial of service attack are
explained. The VMware cloud products and their specification are also provided in this project.
The ransom DDoS attack is explained regarding the VMware cloud-based system. The project
proposal is delivered by the project planning method. The needed resources are explored and
explained. The attacks and their prevention methods are described. And the screenshots are
added for the testing results. The Kali Linux is used here to make the attacks. The Ransom DDoS
attacks are performed on the cloud-based systems and their countermeasures are explained in
detail. Various DDoS attacks are performed using the Kali Linux tools and screenshots are
added. The required countermeasures are explained in detail.
106
The followings are the deliverables of this project.
Project plan developed in MSProject 2013
Literature review on DDoS attack and prevention steps.
Literature review on Ransom DDoS attack
The Literature review of VMware products, ESXi 6.5 server, VCenter 6
VMWare setup design document
Ransom DDoS attacks on cloud-based systems’ result reports
Countermeasures for the Ransom DDoS attacks investigation reports
Experimental setup report and conclusion report
Test Results
15. Conclusion
In this project, various types of DDoS attacks and Ransom DDoS attacks are explained in
detail. The VMware based infrastructure products and services are explained. The ESXi and
vSphere are explained in detail and their installation steps are shown with the respective
screenshots. The aim and the objective of the project are clearly explained. The methodology is
defined regarding the problem. The countermeasures of distributed denial of service attack are
explained. The VMware cloud products and their specification are also provided in this project.
The ransom DDoS attack is explained regarding the VMware cloud-based system. The project
proposal is delivered by the project planning method. The needed resources are explored and
explained. The attacks and their prevention methods are described. And the screenshots are
added for the testing results. The Kali Linux is used here to make the attacks. The Ransom DDoS
attacks are performed on the cloud-based systems and their countermeasures are explained in
detail. Various DDoS attacks are performed using the Kali Linux tools and screenshots are
added. The required countermeasures are explained in detail.
106
16. References
Abidoye, A. and Obagbuwa, I. (2018). DDoS attacks in WSNs: detection and
countermeasures. IET Wireless Sensor Systems, 8(2), pp.52-59.
Acharya, S. and Pradhan, N. (2017). DDoS Simulation and Hybrid DDoS Defense
Mechanism. International Journal of Computer Applications, 163(9), pp.20-24.
Aguiar, A. and Hessel, F. (2012). Current techniques and future trends in embedded system's
virtualization. Software: Practice and Experience, 42(7), pp.917-944.
Alleged MPAA DDoS attacks spark retaliatory cyber attacks. (2010). Infosecurity, 7(5), p.8.
Albany.edu. (2018). [online] Available at:
https://www.albany.edu/iasymposium/proceedings/2016/03_Gupta_etal_ASIA2016.pdf
[Accessed 30 Oct. 2018].
Anon, (2018). [online] Available at: http://blog.ncanet.com/blog/7-need-to-know-facts-about-
ddos-attacks1506694204 [Accessed 30 Oct. 2018].
Anon, (2018). [online] Available at:
https://www.researchgate.net/publication/259941506_DoS_and_DDoS_Attacks_Impact_Analysi
s_and_Countermeasures [Accessed 30 Oct. 2018].
Aswariza, R., Perdana, D. and Negara, R. (2017). Analisis Throughput Dan Skalabilitas
Virtualized Network Function VyOS Pada Hypervisor VMWare ESXi, XEN, DAN
KVM. JURNAL INFOTEL, 9(1), p.70.
Bose, R. and Sarddar, D. (2015). A new approach in mobile gaming on cloud-based architecture
using Citrix and VMware technologies. Brazilian Journal of Science and Technology, 2(1).
Bugnion, E., Devine, S., Rosenblum, M., Sugerman, J. and Wang, E. (2012). Bringing
Virtualization to the x86 Architecture with the Original VMware Workstation. ACM
Transactions on Computer Systems, 30(4), pp.1-51.
Babincev, I. and Vuletic, D. (2016). Web application security analysis using the Kali Linux
operating system. Vojnotehnicki glasnik, 64(2), pp.513-531.
Chandel, R. (2018). Perform DOS Attack on Metasploitable 3. [online] Hacking Articles.
Available at: http://www.hackingarticles.in/perform-dos-attack-metasploitable-3/ [Accessed 1
Nov. 2018].
107
Abidoye, A. and Obagbuwa, I. (2018). DDoS attacks in WSNs: detection and
countermeasures. IET Wireless Sensor Systems, 8(2), pp.52-59.
Acharya, S. and Pradhan, N. (2017). DDoS Simulation and Hybrid DDoS Defense
Mechanism. International Journal of Computer Applications, 163(9), pp.20-24.
Aguiar, A. and Hessel, F. (2012). Current techniques and future trends in embedded system's
virtualization. Software: Practice and Experience, 42(7), pp.917-944.
Alleged MPAA DDoS attacks spark retaliatory cyber attacks. (2010). Infosecurity, 7(5), p.8.
Albany.edu. (2018). [online] Available at:
https://www.albany.edu/iasymposium/proceedings/2016/03_Gupta_etal_ASIA2016.pdf
[Accessed 30 Oct. 2018].
Anon, (2018). [online] Available at: http://blog.ncanet.com/blog/7-need-to-know-facts-about-
ddos-attacks1506694204 [Accessed 30 Oct. 2018].
Anon, (2018). [online] Available at:
https://www.researchgate.net/publication/259941506_DoS_and_DDoS_Attacks_Impact_Analysi
s_and_Countermeasures [Accessed 30 Oct. 2018].
Aswariza, R., Perdana, D. and Negara, R. (2017). Analisis Throughput Dan Skalabilitas
Virtualized Network Function VyOS Pada Hypervisor VMWare ESXi, XEN, DAN
KVM. JURNAL INFOTEL, 9(1), p.70.
Bose, R. and Sarddar, D. (2015). A new approach in mobile gaming on cloud-based architecture
using Citrix and VMware technologies. Brazilian Journal of Science and Technology, 2(1).
Bugnion, E., Devine, S., Rosenblum, M., Sugerman, J. and Wang, E. (2012). Bringing
Virtualization to the x86 Architecture with the Original VMware Workstation. ACM
Transactions on Computer Systems, 30(4), pp.1-51.
Babincev, I. and Vuletic, D. (2016). Web application security analysis using the Kali Linux
operating system. Vojnotehnicki glasnik, 64(2), pp.513-531.
Chandel, R. (2018). Perform DOS Attack on Metasploitable 3. [online] Hacking Articles.
Available at: http://www.hackingarticles.in/perform-dos-attack-metasploitable-3/ [Accessed 1
Nov. 2018].
107
Chomatin.blogspot.com. (2018). Kali Linux Tutorials 2.0 : Dos Attack using GoldenEye:.
[online] Available at: http://chomatin.blogspot.com/2015/11/kali-linux-tutorials-20-dos-
attack.html [Accessed 1 Nov. 2018].
Chaolong, J., Hanning, W. and Lili, W. (2016). Study of Smart Transportation Data Center
Virtualization Based on VMware vSphere and Parallel Continuous Query Algorithm over
Massive Data Streams. Procedia Engineering, 137, pp.719-728.
Communities.vmware.com. (2018). What is difference between ESXi and vSphere? |VMware
Communities. [online] Available at: https://communities.vmware.com/thread/337485 [Accessed
30 Oct. 2018].
ComputerWeekly.com. (2018). Ransom DDoS attacks on the rise. [online] Available at:
https://www.computerweekly.com/news/450423857/Ransom-DDoS-attacks-on-the-rise
[Accessed 30 Oct. 2018].
Dark Reading. (2018). Wave Of DDoS Attacks Down Cloud-Based Services. [online] Available
at: https://www.darkreading.com/attacks-breaches/wave-of-ddos-attacks-down-cloud-based-
services/d/d-id/1269614 [Accessed 30 Oct. 2018].
Esecurityplanet.com. (2018). How to Prevent DoS Attacks. [online] Available at:
https://www.esecurityplanet.com/network-security/how-to-prevent-dos-attacks.html [Accessed
30 Oct. 2018].
Engebretson, P. (2013). The basics of hacking and penetration testing. Waltham, MA:
Syngress/Elsevier.
Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity. (2018). DDos A
Website Using Hping3 -. [online] Available at:
http://blog.extremehacking.org/blog/2015/07/09/ddos-a-website-using-hping3/ [Accessed 1 Nov.
2018].
Faction. (2018). Protect networks from DDoS attacks with private cloud solutions - Faction.
[online] Available at: https://www.factioninc.com/protect-networks-from-ddos-attacks-with-
private-cloud-solutions/ [Accessed 30 Oct. 2018].
Fitzhugh, R. (2014). VSphere virtual machine management. Birmingham, UK: Packt Pub.
GAO, Y., WANG, T., GUO, F. and YU, M. (2012). DDoS detection with non-iterative Apriori
algorithm. Journal of Computer Applications, 31(6), pp.1521-1524.
108
[online] Available at: http://chomatin.blogspot.com/2015/11/kali-linux-tutorials-20-dos-
attack.html [Accessed 1 Nov. 2018].
Chaolong, J., Hanning, W. and Lili, W. (2016). Study of Smart Transportation Data Center
Virtualization Based on VMware vSphere and Parallel Continuous Query Algorithm over
Massive Data Streams. Procedia Engineering, 137, pp.719-728.
Communities.vmware.com. (2018). What is difference between ESXi and vSphere? |VMware
Communities. [online] Available at: https://communities.vmware.com/thread/337485 [Accessed
30 Oct. 2018].
ComputerWeekly.com. (2018). Ransom DDoS attacks on the rise. [online] Available at:
https://www.computerweekly.com/news/450423857/Ransom-DDoS-attacks-on-the-rise
[Accessed 30 Oct. 2018].
Dark Reading. (2018). Wave Of DDoS Attacks Down Cloud-Based Services. [online] Available
at: https://www.darkreading.com/attacks-breaches/wave-of-ddos-attacks-down-cloud-based-
services/d/d-id/1269614 [Accessed 30 Oct. 2018].
Esecurityplanet.com. (2018). How to Prevent DoS Attacks. [online] Available at:
https://www.esecurityplanet.com/network-security/how-to-prevent-dos-attacks.html [Accessed
30 Oct. 2018].
Engebretson, P. (2013). The basics of hacking and penetration testing. Waltham, MA:
Syngress/Elsevier.
Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity. (2018). DDos A
Website Using Hping3 -. [online] Available at:
http://blog.extremehacking.org/blog/2015/07/09/ddos-a-website-using-hping3/ [Accessed 1 Nov.
2018].
Faction. (2018). Protect networks from DDoS attacks with private cloud solutions - Faction.
[online] Available at: https://www.factioninc.com/protect-networks-from-ddos-attacks-with-
private-cloud-solutions/ [Accessed 30 Oct. 2018].
Fitzhugh, R. (2014). VSphere virtual machine management. Birmingham, UK: Packt Pub.
GAO, Y., WANG, T., GUO, F. and YU, M. (2012). DDoS detection with non-iterative Apriori
algorithm. Journal of Computer Applications, 31(6), pp.1521-1524.
108
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Grimes, G. (2005). Network security managers' preferences for the Snort IDS and GUI add-
ons. Network Security, 2005(4), pp.19-20.
Guo, F., Kim, S., Baskakov, Y. and Banerjee, I. (2015). Proactively Breaking Large Pages to
Improve Memory Overcommitment Performance in VMware ESXi. ACM SIGPLAN Notices,
50(7), pp.39-51.
Geddam, R. and Sarkar, P. (2013). Instant VMware view virtualization how-to. Birmingham,
U.K.: Packt Pub.
Gupta, B. (2011). An introduction to DDoS attacks and defense mechanisms. Saarbrücken: Lap
Lambert Academic Pub.
Guthrie, F. and Lowe, S. (2013). VMware vSphere design. Indianapolis, Indiana: John Wiley &
Sons.
GBHackers On Security. (2018). Kali Linux Tutorial - Most Powerful DoS tool XERXES.
[online] Available at: https://gbhackers.com/xerxes-kali-linux-tutorial/ [Accessed 1 Nov. 2018].
HACK IS ON. (2018). Performing Dos Attack using LOIC - Kali Linux -lecture 19. [online]
Available at: http://hackison.blogspot.com/2016/05/performing-dos-attack-using-loic-
kali_4.html [Accessed 1 Nov. 2018].
Halton, W. and Bo Weaver (2016). Kali Linux 2: Windows Penetration Testing. Packt
Publishing.
Halton, W., Weaver, B., Ansari, J., Kotipalli, S. and Imran, M. (2017). Penetration Testing.
Birmingham: Packt Publishing.
Ha, J. (2016). Preprocessor Implementation of Open IDS Snort for Smart Manufacturing
Industry Network. Journal of the Korea Institute of Information Security and Cryptology, 26(5),
pp.1313-1322.
Hatua, A. (2014). Optimal Feature Selection from VMware ESXi 5.1 Feature Set. International
Journal of Chaos, Control, Modelling and Simulation, 3(3), pp.1-8.
Herrod, S. (2010). Systems research and development at VMware. ACM SIGOPS Operating
Systems Review, 44(4), pp.1-2.
Hong, S. (2014). Analysis of DDoS Attack and Countermeasure: Survey. The Journal of Digital
Policy and Management, 12(1), pp.423-429.
109
ons. Network Security, 2005(4), pp.19-20.
Guo, F., Kim, S., Baskakov, Y. and Banerjee, I. (2015). Proactively Breaking Large Pages to
Improve Memory Overcommitment Performance in VMware ESXi. ACM SIGPLAN Notices,
50(7), pp.39-51.
Geddam, R. and Sarkar, P. (2013). Instant VMware view virtualization how-to. Birmingham,
U.K.: Packt Pub.
Gupta, B. (2011). An introduction to DDoS attacks and defense mechanisms. Saarbrücken: Lap
Lambert Academic Pub.
Guthrie, F. and Lowe, S. (2013). VMware vSphere design. Indianapolis, Indiana: John Wiley &
Sons.
GBHackers On Security. (2018). Kali Linux Tutorial - Most Powerful DoS tool XERXES.
[online] Available at: https://gbhackers.com/xerxes-kali-linux-tutorial/ [Accessed 1 Nov. 2018].
HACK IS ON. (2018). Performing Dos Attack using LOIC - Kali Linux -lecture 19. [online]
Available at: http://hackison.blogspot.com/2016/05/performing-dos-attack-using-loic-
kali_4.html [Accessed 1 Nov. 2018].
Halton, W. and Bo Weaver (2016). Kali Linux 2: Windows Penetration Testing. Packt
Publishing.
Halton, W., Weaver, B., Ansari, J., Kotipalli, S. and Imran, M. (2017). Penetration Testing.
Birmingham: Packt Publishing.
Ha, J. (2016). Preprocessor Implementation of Open IDS Snort for Smart Manufacturing
Industry Network. Journal of the Korea Institute of Information Security and Cryptology, 26(5),
pp.1313-1322.
Hatua, A. (2014). Optimal Feature Selection from VMware ESXi 5.1 Feature Set. International
Journal of Chaos, Control, Modelling and Simulation, 3(3), pp.1-8.
Herrod, S. (2010). Systems research and development at VMware. ACM SIGOPS Operating
Systems Review, 44(4), pp.1-2.
Hong, S. (2014). Analysis of DDoS Attack and Countermeasure: Survey. The Journal of Digital
Policy and Management, 12(1), pp.423-429.
109
Fenech, J. and Fenech, J. (2018). How to set up a vSphere Home Lab for FREE. [online] Altaro's
VMware Hub and blog. Available at:
https://www.altaro.com/vmware/vsphere-home-lab-free/#m1 [Accessed 30 Oct. 2018].
Impact Evaluation of DDoS Attacks on DNS Cache Server Using Queuing Model. (2013). KSII
Transactions on Internet and Information Systems, 7(4), pp.895-909.
Jaswal, N., Agarwal, M., Singh, A. and Teixeira, D. (2018). Metasploit Penetration Testing
Cookbook. Birmingham: Packt Publishing.
Kali Linux – Assuring Security by Penetration Testing. (2014). Network Security, 2014(8), p.4.
Kandias, M. and Gritzalis, D. (2013). Metasploit the Penetration Tester's Guide. Computers &
Security, 32, pp.268-269.
Kb.vmware.com. (2018). VMware Knowledge Base. [online] Available at:
https://kb.vmware.com/s/article/2008226 [Accessed 30 Oct. 2018].
Khandelwal, N. and Khandelwal, N. (2018). Protecting Web Servers from DDoS Attacks.
[online] Small Biz Resources. Available at: http://smallbiz-resources.com/protecting-web-
servers-ddos-attacks/ [Accessed 30 Oct. 2018].
Khandelwal, S. (2018). 'Kill Switch' to Mitigate Memcached DDoS Attacks — Flush 'Em All.
[online] The Hacker News. Available at: https://thehackernews.com/2018/03/prevent-
memcached-ddos.html [Accessed 30 Oct. 2018].
Krebsonsecurity.com. (2018). Powerful New DDoS Method Adds Extortion — Krebs on Security.
[online] Available at: https://krebsonsecurity.com/2018/03/powerful-new-ddos-method-adds-
extortion/ [Accessed 30 Oct. 2018].
Kennedy, D. (2011). Metasploit. San Francisco, Calif: No Starch Press.
Khawaja, G. (2018). Practical Web Penetration Testing. Birmingham: Packt Publishing Ltd.
Kim, A., Lee, D. and Jang, S. (2012). The Effectiveness Evaluation Methods of DDoS Attacks
Countermeasures Techniques using Simulation. Journal of the Korea Society for Simulation,
21(3), pp.17-24.
Kurniawan, D., Nashrullah, M., Kurniasih, N., Achmad Daengs, G. and Kurniawan, C. (2018).
Performance analysis virtual server VMware Vsphere 5.5 with physical enterprise server. IOP
Conference Series: Materials Science and Engineering, 420, p.012107.
110
VMware Hub and blog. Available at:
https://www.altaro.com/vmware/vsphere-home-lab-free/#m1 [Accessed 30 Oct. 2018].
Impact Evaluation of DDoS Attacks on DNS Cache Server Using Queuing Model. (2013). KSII
Transactions on Internet and Information Systems, 7(4), pp.895-909.
Jaswal, N., Agarwal, M., Singh, A. and Teixeira, D. (2018). Metasploit Penetration Testing
Cookbook. Birmingham: Packt Publishing.
Kali Linux – Assuring Security by Penetration Testing. (2014). Network Security, 2014(8), p.4.
Kandias, M. and Gritzalis, D. (2013). Metasploit the Penetration Tester's Guide. Computers &
Security, 32, pp.268-269.
Kb.vmware.com. (2018). VMware Knowledge Base. [online] Available at:
https://kb.vmware.com/s/article/2008226 [Accessed 30 Oct. 2018].
Khandelwal, N. and Khandelwal, N. (2018). Protecting Web Servers from DDoS Attacks.
[online] Small Biz Resources. Available at: http://smallbiz-resources.com/protecting-web-
servers-ddos-attacks/ [Accessed 30 Oct. 2018].
Khandelwal, S. (2018). 'Kill Switch' to Mitigate Memcached DDoS Attacks — Flush 'Em All.
[online] The Hacker News. Available at: https://thehackernews.com/2018/03/prevent-
memcached-ddos.html [Accessed 30 Oct. 2018].
Krebsonsecurity.com. (2018). Powerful New DDoS Method Adds Extortion — Krebs on Security.
[online] Available at: https://krebsonsecurity.com/2018/03/powerful-new-ddos-method-adds-
extortion/ [Accessed 30 Oct. 2018].
Kennedy, D. (2011). Metasploit. San Francisco, Calif: No Starch Press.
Khawaja, G. (2018). Practical Web Penetration Testing. Birmingham: Packt Publishing Ltd.
Kim, A., Lee, D. and Jang, S. (2012). The Effectiveness Evaluation Methods of DDoS Attacks
Countermeasures Techniques using Simulation. Journal of the Korea Society for Simulation,
21(3), pp.17-24.
Kurniawan, D., Nashrullah, M., Kurniasih, N., Achmad Daengs, G. and Kurniawan, C. (2018).
Performance analysis virtual server VMware Vsphere 5.5 with physical enterprise server. IOP
Conference Series: Materials Science and Engineering, 420, p.012107.
110
Khandelwal, N. and Khandelwal, N. (2018). Protecting Web Servers from DDoS Attacks.
[online] Small Biz Resources. Available at: http://smallbiz-resources.com/protecting-web-
servers-ddos-attacks/ [Accessed 30 Oct. 2018].
Lee, J. and Hong, C. (2013). Nonparametric Detection Methods against DDoS Attack. Korean
Journal of Applied Statistics, 26(2), pp.291-305.
Li, C. (2014). Research on the Virtualization Construction of University Data Center Server
Based on VMware vSphere. Advanced Materials Research, 1078, pp.375-379.
Li, Y. (2014). Analysis of the Snort Building Code Based on IDS. Applied Mechanics and
Materials, 543-547, pp.2965-2968.
Long, R. and Storey, M. (2014). Use of VMware for providing cloud infrastructure for the
Grid. Journal of Physics: Conference Series, 513(3), p.032061.
L. Pritchett, W. (2013). Kali Linux Cookbook. Packt Publishing.
Liebowitz, M., Kusek, C. and Spies, R. (2014). VMware vSphere Performance. Hoboken: Wiley.
Liu, H. (n.d.). A collaborative defense framework against DDoS attacks in networks.
Lowe, S., Marshall, N., Guthrie, F., Liebowitz, M. and Atwell, J. (2013). Mastering VMware
vSphere 5. Hoboken: Wiley.
Marshall, N. and Lowe, S. (2014). Mastering VMware vSphere 5.5. Indianapolis, Indiana: Sybex.
Marshall, N., Orchard, G., Atwell, J. and Lowe, S. (2015). Mastering VMware vSphere 6.
Indianapolis, Indiana: Sybex.
Maynor, D. and Mookhey, K. (2007). Metasploit toolkit for penetration testing, exploit
development, and vulnerability research. Burlington, MA: Syngress.
Metasploit Penetration Testing Cookbook. (2013). Network Security, 2013(11), p.4.
Mills, C. (2015). vCenter troubleshooting. Birmingham, UK: Packt Publishing.
Mishra, C. (2018). Wireshark 2 Quick Start Guide. Birmingham: Packt Publishing Ltd.
Moreno, V. and Reddy, K. (2006). Network virtualization. Indianapolis, Ind.: Cisco Press.
Motoma.io. (2018). Using PyLoris. [online] Available at: https://motoma.io/usage/ [Accessed 1
Nov. 2018].
Mukhopadhyay, I., Goswami, S. and Mandal, E. (2014). Web Penetration Testing using Nessus
and Metasploit Tool. IOSR Journal of Computer Engineering, 16(3), pp.126-129.
Mirkovic, J. and Reiher, P. (2004). A taxonomy of DDoS attack and DDoS defense
mechanisms. ACM SIGCOMM Computer Communication Review, 34(2), p.39.
111
[online] Small Biz Resources. Available at: http://smallbiz-resources.com/protecting-web-
servers-ddos-attacks/ [Accessed 30 Oct. 2018].
Lee, J. and Hong, C. (2013). Nonparametric Detection Methods against DDoS Attack. Korean
Journal of Applied Statistics, 26(2), pp.291-305.
Li, C. (2014). Research on the Virtualization Construction of University Data Center Server
Based on VMware vSphere. Advanced Materials Research, 1078, pp.375-379.
Li, Y. (2014). Analysis of the Snort Building Code Based on IDS. Applied Mechanics and
Materials, 543-547, pp.2965-2968.
Long, R. and Storey, M. (2014). Use of VMware for providing cloud infrastructure for the
Grid. Journal of Physics: Conference Series, 513(3), p.032061.
L. Pritchett, W. (2013). Kali Linux Cookbook. Packt Publishing.
Liebowitz, M., Kusek, C. and Spies, R. (2014). VMware vSphere Performance. Hoboken: Wiley.
Liu, H. (n.d.). A collaborative defense framework against DDoS attacks in networks.
Lowe, S., Marshall, N., Guthrie, F., Liebowitz, M. and Atwell, J. (2013). Mastering VMware
vSphere 5. Hoboken: Wiley.
Marshall, N. and Lowe, S. (2014). Mastering VMware vSphere 5.5. Indianapolis, Indiana: Sybex.
Marshall, N., Orchard, G., Atwell, J. and Lowe, S. (2015). Mastering VMware vSphere 6.
Indianapolis, Indiana: Sybex.
Maynor, D. and Mookhey, K. (2007). Metasploit toolkit for penetration testing, exploit
development, and vulnerability research. Burlington, MA: Syngress.
Metasploit Penetration Testing Cookbook. (2013). Network Security, 2013(11), p.4.
Mills, C. (2015). vCenter troubleshooting. Birmingham, UK: Packt Publishing.
Mishra, C. (2018). Wireshark 2 Quick Start Guide. Birmingham: Packt Publishing Ltd.
Moreno, V. and Reddy, K. (2006). Network virtualization. Indianapolis, Ind.: Cisco Press.
Motoma.io. (2018). Using PyLoris. [online] Available at: https://motoma.io/usage/ [Accessed 1
Nov. 2018].
Mukhopadhyay, I., Goswami, S. and Mandal, E. (2014). Web Penetration Testing using Nessus
and Metasploit Tool. IOSR Journal of Computer Engineering, 16(3), pp.126-129.
Mirkovic, J. and Reiher, P. (2004). A taxonomy of DDoS attack and DDoS defense
mechanisms. ACM SIGCOMM Computer Communication Review, 34(2), p.39.
111
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
networklibrary. (2018). HTTPS-DoS Attack using “slowhttptest”. [online] Available at:
https://networklibrary.wordpress.com/2015/09/01/https-dos-attack-using-slowhttptest/ [Accessed
1 Nov. 2018].
Nomnga, N., P., P., Scott, S., S., M., Nyambi, N. and P, B. (2014). A Technical Cost Effective
Network-Domain Hosting through Virtualization: a VMware ESXi and vSphere Client
Approach. International Journal of Computer Applications, 91(10), pp.39-47.
Ntrg.cs.tcd.ie. (2018). Denial of Service and Countermeasures. [online] Available at:
http://ntrg.cs.tcd.ie/undergrad/4ba2.05/group2/ [Accessed 30 Oct. 2018].
Panca, B. (2017). Performance Analysis of NFS Protocol Usage on VMware ESXi
Datastore. Jurnal Teknik Informatika dan Sistem Informasi, 3(1).
Paloaltonetworks.com. (2018). What is a Distributed Denial of Service Attack (DDoS)? - Palo
Alto Networks. [online] Available at: https://www.paloaltonetworks.com/cyberpedia/what-is-a-
ddos-attack [Accessed 25 Oct. 2018].
Pen-testing.sans.org. (2018). SANS Penetration Testing | Setting up Backdoors and Reverse
Shells on VMware Hypervisors | SANS Institute. [online] Available at: https://pen-
testing.sans.org/blog/2013/07/16/setting-up-backdoors-and-reverse-shells-on-vmware-
hypervisors [Accessed 25 Oct. 2018].
Pettit, J., Pfaff, B., Stringer, J., Tu, C., Blanco, B. and Tessmer, A. (2018). Bringing Platform
Harmony to VMware NSX. ACM SIGOPS Operating Systems Review, 51(1), pp.123-128.
Priyadharshini, E., Vijayakumar, V. and Abdul Quadir, M. (2018). Towards a cloud consumers
credibility assessment and trust management of cloud services. EAI Endorsed Transactions on
Cloud Systems, 3(12), p.154775.
Ranjan, S., Swaminathan, R., Uysal, M., Nucci, A. and Knightly, E. (2009). DDoS-Shield:
DDoS-Resilient Scheduling to Counter Application Layer Attacks. IEEE/ACM Transactions on
Networking, 17(1), pp.26-39.
Ramanauskaitė, S., Goranin, N., Čenys, A. and Juknius, J. (2014). Modelling influence of Botnet
features on effectiveness of DDoS attacks. Security and Communication Networks, 8(12),
pp.2090-2101.
Reduction in Infrastructure and operating costs using Server Virtualization. (2016). International
Journal Of Engineering And Computer Science.
112
https://networklibrary.wordpress.com/2015/09/01/https-dos-attack-using-slowhttptest/ [Accessed
1 Nov. 2018].
Nomnga, N., P., P., Scott, S., S., M., Nyambi, N. and P, B. (2014). A Technical Cost Effective
Network-Domain Hosting through Virtualization: a VMware ESXi and vSphere Client
Approach. International Journal of Computer Applications, 91(10), pp.39-47.
Ntrg.cs.tcd.ie. (2018). Denial of Service and Countermeasures. [online] Available at:
http://ntrg.cs.tcd.ie/undergrad/4ba2.05/group2/ [Accessed 30 Oct. 2018].
Panca, B. (2017). Performance Analysis of NFS Protocol Usage on VMware ESXi
Datastore. Jurnal Teknik Informatika dan Sistem Informasi, 3(1).
Paloaltonetworks.com. (2018). What is a Distributed Denial of Service Attack (DDoS)? - Palo
Alto Networks. [online] Available at: https://www.paloaltonetworks.com/cyberpedia/what-is-a-
ddos-attack [Accessed 25 Oct. 2018].
Pen-testing.sans.org. (2018). SANS Penetration Testing | Setting up Backdoors and Reverse
Shells on VMware Hypervisors | SANS Institute. [online] Available at: https://pen-
testing.sans.org/blog/2013/07/16/setting-up-backdoors-and-reverse-shells-on-vmware-
hypervisors [Accessed 25 Oct. 2018].
Pettit, J., Pfaff, B., Stringer, J., Tu, C., Blanco, B. and Tessmer, A. (2018). Bringing Platform
Harmony to VMware NSX. ACM SIGOPS Operating Systems Review, 51(1), pp.123-128.
Priyadharshini, E., Vijayakumar, V. and Abdul Quadir, M. (2018). Towards a cloud consumers
credibility assessment and trust management of cloud services. EAI Endorsed Transactions on
Cloud Systems, 3(12), p.154775.
Ranjan, S., Swaminathan, R., Uysal, M., Nucci, A. and Knightly, E. (2009). DDoS-Shield:
DDoS-Resilient Scheduling to Counter Application Layer Attacks. IEEE/ACM Transactions on
Networking, 17(1), pp.26-39.
Ramanauskaitė, S., Goranin, N., Čenys, A. and Juknius, J. (2014). Modelling influence of Botnet
features on effectiveness of DDoS attacks. Security and Communication Networks, 8(12),
pp.2090-2101.
Reduction in Infrastructure and operating costs using Server Virtualization. (2016). International
Journal Of Engineering And Computer Science.
112
Saganowski, Ł. and Andrysiak, T. (2012). Snort IDS Hybrid ADS Preprocessor. Image
Processing & Communications, 17(4), pp.17-22.
Seget (2018). How to install and configure an ESXi 6.5 host. [online] 4sysops. Available at:
https://4sysops.com/archives/how-to-install-and-configure-an-esxi-6-5-host/ [Accessed 25 Oct.
2018].
Sophos Community. (2018). Vsphere 6.5 + XG Firewall - Initial Setup - XG Firewall - Sophos
Community. [online] Available at: https://community.sophos.com/products/xg-firewall/f/initial-
setup/95397/vsphere-6-5-xg-firewall [Accessed 25 Oct. 2018].
SearchSecurity. (2018). What is distributed denial of service (DDoS) attack? - Definition from
WhatIs.com. [online] Available at: https://searchsecurity.techtarget.com/definition/distributed-
denial-of-service-attack [Accessed 30 Oct. 2018].
Server Virtualization using Cloud Environment for Data Storage & Backup.
(2016). International Journal of Science and Research (IJSR), 5(6), pp.449-452.
Saroh, C. and Saroh, C. (2018). Kali Linux Tutorial - Most Effective DDOs - SLOWLORIS.
[online] IRON KALI. Available at: http://ironkali.blogspot.com/2014/03/tutorial-ddos-kali-
linux-most-effective.html [Accessed 1 Nov. 2018].
Sowells, J., Sowells, J., Sowells, J., Jones, K. and Jones, K. (2018). Distributed Denial of
Service Attack (DDOS) Using Kali Linux. [online] Hackercombat.com. Available at:
https://hackercombat.com/denial-service-ddos-attack-using-kali-linux/ [Accessed 1 Nov. 2018].
thehackerschoice. (2018). THC SSL DOS. [online] Available at:
https://thehackerschoice.wordpress.com/2011/10/24/thc-ssl-dos/ [Accessed 1 Nov. 2018].
Tennenhouse, D. (2017). Research at VMware. ACM SIGOPS Operating Systems Review, 51(1),
pp.1-4.
Thota, S. (2018). VMWARE Virtualization - Physical to Virtual Migration. International
Journal of Computer Trends and Technology, 58(2), pp.65-75.
Us.norton.com. (2018). DOS Attacks Explained. [online] Available at:
https://us.norton.com/internetsecurity-emerging-threats-dos-attacks-explained.html [Accessed 25
Oct. 2018].
VMWare. (2018). vCenter Server: Centralized visibility, proactive management and extensibility
for VMware vSphere from a single console. [online] Available at:
http://www.vmware.com/products/vcenter-server/ [Accessed 30 Oct. 2018].
113
Processing & Communications, 17(4), pp.17-22.
Seget (2018). How to install and configure an ESXi 6.5 host. [online] 4sysops. Available at:
https://4sysops.com/archives/how-to-install-and-configure-an-esxi-6-5-host/ [Accessed 25 Oct.
2018].
Sophos Community. (2018). Vsphere 6.5 + XG Firewall - Initial Setup - XG Firewall - Sophos
Community. [online] Available at: https://community.sophos.com/products/xg-firewall/f/initial-
setup/95397/vsphere-6-5-xg-firewall [Accessed 25 Oct. 2018].
SearchSecurity. (2018). What is distributed denial of service (DDoS) attack? - Definition from
WhatIs.com. [online] Available at: https://searchsecurity.techtarget.com/definition/distributed-
denial-of-service-attack [Accessed 30 Oct. 2018].
Server Virtualization using Cloud Environment for Data Storage & Backup.
(2016). International Journal of Science and Research (IJSR), 5(6), pp.449-452.
Saroh, C. and Saroh, C. (2018). Kali Linux Tutorial - Most Effective DDOs - SLOWLORIS.
[online] IRON KALI. Available at: http://ironkali.blogspot.com/2014/03/tutorial-ddos-kali-
linux-most-effective.html [Accessed 1 Nov. 2018].
Sowells, J., Sowells, J., Sowells, J., Jones, K. and Jones, K. (2018). Distributed Denial of
Service Attack (DDOS) Using Kali Linux. [online] Hackercombat.com. Available at:
https://hackercombat.com/denial-service-ddos-attack-using-kali-linux/ [Accessed 1 Nov. 2018].
thehackerschoice. (2018). THC SSL DOS. [online] Available at:
https://thehackerschoice.wordpress.com/2011/10/24/thc-ssl-dos/ [Accessed 1 Nov. 2018].
Tennenhouse, D. (2017). Research at VMware. ACM SIGOPS Operating Systems Review, 51(1),
pp.1-4.
Thota, S. (2018). VMWARE Virtualization - Physical to Virtual Migration. International
Journal of Computer Trends and Technology, 58(2), pp.65-75.
Us.norton.com. (2018). DOS Attacks Explained. [online] Available at:
https://us.norton.com/internetsecurity-emerging-threats-dos-attacks-explained.html [Accessed 25
Oct. 2018].
VMWare. (2018). vCenter Server: Centralized visibility, proactive management and extensibility
for VMware vSphere from a single console. [online] Available at:
http://www.vmware.com/products/vcenter-server/ [Accessed 30 Oct. 2018].
113
VMware patches security flaws. (2007). Network Security, 2007(10), p.2.
Vuletić, D. and Nojković, N. (2018). Realization of a TCP Syn Flood Attack using Kali
Linux. Vojnotehnicki glasnik, 66(3), pp.640-649.
Waldspurger, C. (2002). Memory resource management in VMware ESX server. ACM SIGOPS
Operating Systems Review, 36(SI), p.181.
WEN, Y. (2008). Detecting hidden process with local virtualization technology. Journal of
Computer Applications, 28(7), pp.1769-1771.
Wu, C. (n.d.). On network-layer packet traceback: Tracing denial-of-service (DoS) and
distributed denial-of-service (DDoS) attacks.
www.digitraptor.com. (2018). Dos attack using Kali Linux 2.0 with Loic. [online] Available at:
http://www.digitraptor.com/blog/pages/dos-attack-using-loic-in-kali-linux.html [Accessed 1
Nov. 2018].
XIANG, G., JIN, H., ZOU, D. and CHEN, X. (2012). Virtualization-Based Security
Monitoring. Journal of Software, 23(8), pp.2173-2187.
Yang, X. (2018). DDoS Attacks Defense Mechanism based on Secure Routing
Alliance. International Journal of Performability Engineering.
Yeah Hub. (2018). Denial of Service - Attack | Types | Countermeasures - Yeah Hub. [online]
Available at: https://www.yeahhub.com/denial-service-attack-types-countermeasures/ [Accessed
30 Oct. 2018].
Yeah Hub. (2018). Perform DOS Attack with 5 Different Tools - 2018 Update - Yeah Hub.
[online] Available at: https://www.yeahhub.com/perform-dos-attack-5-different-tools-2018-
update/ [Accessed 1 Nov. 2018].
ZHANG, J. and QIN, Z. (2010). Modified method of detecting DDoS attacks based on
entropy. Journal of Computer Applications, 30(7), pp.1778-1781.
ZHANG, Y. and KANG, L. (2009). An improved model of Snort system based on data
mining. Journal of Computer Applications, 29(2), pp.409-411.
ZHANG, Y., XIAO, J., YUN, X. and WANG, F. (2012). DDoS Attacks Detection and Control
Mechanisms. Journal of Software, 23(8), pp.2058-2072.
Zuo, H. and Chen, X. (2014). The Analysis of Storage Efficiency in VMware Virtualization
Environment. Applied Mechanics and Materials, 697, pp.438-441.
114
Vuletić, D. and Nojković, N. (2018). Realization of a TCP Syn Flood Attack using Kali
Linux. Vojnotehnicki glasnik, 66(3), pp.640-649.
Waldspurger, C. (2002). Memory resource management in VMware ESX server. ACM SIGOPS
Operating Systems Review, 36(SI), p.181.
WEN, Y. (2008). Detecting hidden process with local virtualization technology. Journal of
Computer Applications, 28(7), pp.1769-1771.
Wu, C. (n.d.). On network-layer packet traceback: Tracing denial-of-service (DoS) and
distributed denial-of-service (DDoS) attacks.
www.digitraptor.com. (2018). Dos attack using Kali Linux 2.0 with Loic. [online] Available at:
http://www.digitraptor.com/blog/pages/dos-attack-using-loic-in-kali-linux.html [Accessed 1
Nov. 2018].
XIANG, G., JIN, H., ZOU, D. and CHEN, X. (2012). Virtualization-Based Security
Monitoring. Journal of Software, 23(8), pp.2173-2187.
Yang, X. (2018). DDoS Attacks Defense Mechanism based on Secure Routing
Alliance. International Journal of Performability Engineering.
Yeah Hub. (2018). Denial of Service - Attack | Types | Countermeasures - Yeah Hub. [online]
Available at: https://www.yeahhub.com/denial-service-attack-types-countermeasures/ [Accessed
30 Oct. 2018].
Yeah Hub. (2018). Perform DOS Attack with 5 Different Tools - 2018 Update - Yeah Hub.
[online] Available at: https://www.yeahhub.com/perform-dos-attack-5-different-tools-2018-
update/ [Accessed 1 Nov. 2018].
ZHANG, J. and QIN, Z. (2010). Modified method of detecting DDoS attacks based on
entropy. Journal of Computer Applications, 30(7), pp.1778-1781.
ZHANG, Y. and KANG, L. (2009). An improved model of Snort system based on data
mining. Journal of Computer Applications, 29(2), pp.409-411.
ZHANG, Y., XIAO, J., YUN, X. and WANG, F. (2012). DDoS Attacks Detection and Control
Mechanisms. Journal of Software, 23(8), pp.2058-2072.
Zuo, H. and Chen, X. (2014). The Analysis of Storage Efficiency in VMware Virtualization
Environment. Applied Mechanics and Materials, 697, pp.438-441.
114
1 out of 115
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.