Final Year Project: Flooding Attack Detection with Wireshark Analysis
VerifiedAdded on 2023/06/03
|53
|13458
|342
Project
AI Summary
This dissertation presents a comprehensive study on flooding attack detection using anomaly techniques with Wireshark. It begins with an introduction to flooding attacks, including various types such as UDP, ICMP, SYN, and HTTP floods, and their impact on network infrastructure. The research explores the features of a Flood Detection System (FDS) and the issues associated with detecting these attacks, such as packet classification and detection mechanism placement. The study delves into the functionality of Wireshark, detailing the process of capturing, viewing, and analyzing network packets. It then simulates network attacks, using Wireshark to identify and analyze the attack patterns. The methodology involves using various commands within Wireshark to scan active hosts, identify open ports, and detect brute-force attacks, including MAC flooding. The research evaluates the effectiveness of anomaly detection in identifying these attacks. The project culminates in conclusions, recommendations for improving detection methods, and a discussion of the research objectives.
Running head: DISSERTATION
Flooding attack Detection using Anomaly Techniques with Wireshark
Name of the Student-
Name of the University-
Author’s Note-
Flooding attack Detection using Anomaly Techniques with Wireshark
Name of the Student-
Name of the University-
Author’s Note-
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
1DISSERTATION
Table of Contents
1. Introduction..................................................................................................................................1
1.1 Background Study.................................................................................................................1
1.2 Scope of the Research............................................................................................................3
1.3 Aim of the Research..............................................................................................................4
1.4 Objective of the Research......................................................................................................4
1.5 Research Questions................................................................................................................4
2. Literature Review........................................................................................................................5
2.1 Feature of Flood Detection System.......................................................................................5
2.2 Different Flooding attacks.....................................................................................................7
UDP Flood...............................................................................................................................7
ICMP Flood (Ping)..................................................................................................................8
SYN Flood...............................................................................................................................9
Ping of Death (POD)...............................................................................................................9
Slowloris................................................................................................................................10
NTP Amplification................................................................................................................10
HTTP Flood...........................................................................................................................11
2.3 Issues that are related with the Flooding Detection.............................................................12
Packet Classification..............................................................................................................12
Placement of Detection Mechanism......................................................................................13
Table of Contents
1. Introduction..................................................................................................................................1
1.1 Background Study.................................................................................................................1
1.2 Scope of the Research............................................................................................................3
1.3 Aim of the Research..............................................................................................................4
1.4 Objective of the Research......................................................................................................4
1.5 Research Questions................................................................................................................4
2. Literature Review........................................................................................................................5
2.1 Feature of Flood Detection System.......................................................................................5
2.2 Different Flooding attacks.....................................................................................................7
UDP Flood...............................................................................................................................7
ICMP Flood (Ping)..................................................................................................................8
SYN Flood...............................................................................................................................9
Ping of Death (POD)...............................................................................................................9
Slowloris................................................................................................................................10
NTP Amplification................................................................................................................10
HTTP Flood...........................................................................................................................11
2.3 Issues that are related with the Flooding Detection.............................................................12
Packet Classification..............................................................................................................12
Placement of Detection Mechanism......................................................................................13
2DISSERTATION
Discrepancy between SYNs and FINs...................................................................................15
2.4 Introduction of Wireshark....................................................................................................16
3. Data Evaluation.........................................................................................................................18
3.1 Using of Wireshark..............................................................................................................18
3.1.1 Process to Download and Install Wireshark.................................................................18
3.1.2 Process to Capture Data Packets...................................................................................19
3.1.3 To View and Analyze Packet Contents........................................................................20
3.1.4 Color Rules of Wireshark.............................................................................................21
3.2 Simulation of the Network Attack and using Wireshark for its Detection..........................22
3.2.1 Command used for scanning the active host in the network:.......................................22
3.2.2. Open ports of the targeted host is scanned using the following command:................25
3.2.3. For finding the service running on the port the following command is used..............26
3.2.4. In the next step the metasploitable console is started using the following command. 27
3.2.5. Brute Force attack using File Transfer protocol..........................................................31
3.2.6 Tools used for simulating the attack.............................................................................33
3.2.7 MAC flooding...............................................................................................................35
3.3 Summary..............................................................................................................................37
4. Conclusion and Recommendation.............................................................................................37
4.1 Conclusion...........................................................................................................................37
4.2 Linking with the Objective..................................................................................................39
Discrepancy between SYNs and FINs...................................................................................15
2.4 Introduction of Wireshark....................................................................................................16
3. Data Evaluation.........................................................................................................................18
3.1 Using of Wireshark..............................................................................................................18
3.1.1 Process to Download and Install Wireshark.................................................................18
3.1.2 Process to Capture Data Packets...................................................................................19
3.1.3 To View and Analyze Packet Contents........................................................................20
3.1.4 Color Rules of Wireshark.............................................................................................21
3.2 Simulation of the Network Attack and using Wireshark for its Detection..........................22
3.2.1 Command used for scanning the active host in the network:.......................................22
3.2.2. Open ports of the targeted host is scanned using the following command:................25
3.2.3. For finding the service running on the port the following command is used..............26
3.2.4. In the next step the metasploitable console is started using the following command. 27
3.2.5. Brute Force attack using File Transfer protocol..........................................................31
3.2.6 Tools used for simulating the attack.............................................................................33
3.2.7 MAC flooding...............................................................................................................35
3.3 Summary..............................................................................................................................37
4. Conclusion and Recommendation.............................................................................................37
4.1 Conclusion...........................................................................................................................37
4.2 Linking with the Objective..................................................................................................39
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
3DISSERTATION
4.3 Recommendations................................................................................................................40
References......................................................................................................................................42
4.3 Recommendations................................................................................................................40
References......................................................................................................................................42
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
4DISSERTATION
Table of Figures
Figure 1: TCP states for establishing normal connection................................................................9
Figure 2: Packet Classification Flowchart at Leaf Routers...........................................................16
Figure 3: FDS Installation at Leaf Router.....................................................................................18
Figure 4: Command used for Scanning the Active Host in the Network......................................27
Figure 5: Open Ports of the Targeted Host is scanned..................................................................28
Figure 6: Finding the Service Running on the Port.......................................................................30
Figure 7: Starting Metasploitable Console....................................................................................34
Figure 8: Brute Force Attack.........................................................................................................36
Figure 9: Pinging the Targeted Host..............................................................................................38
Figure 10: Pinging the Targeted Host............................................................................................38
Figure 11: Using Mac Flood..........................................................................................................40
Table of Figures
Figure 1: TCP states for establishing normal connection................................................................9
Figure 2: Packet Classification Flowchart at Leaf Routers...........................................................16
Figure 3: FDS Installation at Leaf Router.....................................................................................18
Figure 4: Command used for Scanning the Active Host in the Network......................................27
Figure 5: Open Ports of the Targeted Host is scanned..................................................................28
Figure 6: Finding the Service Running on the Port.......................................................................30
Figure 7: Starting Metasploitable Console....................................................................................34
Figure 8: Brute Force Attack.........................................................................................................36
Figure 9: Pinging the Targeted Host..............................................................................................38
Figure 10: Pinging the Targeted Host............................................................................................38
Figure 11: Using Mac Flood..........................................................................................................40
5DISSERTATION
Title: Flooding attack Detection using Anomaly Techniques with Wireshark
1. Introduction
1.1 Background Study
Flooding attack can be described as assault technique on the computer network. The
assailant in a flooding attack sends different surges to the users or the administration so that they
can cut down the framework of the network (Hussain et al. 2016). There are many flooding
assaults such as UDP surges, ping surge as well as Syn surge. There are many more surges that
are a part of flooding attack. There are many challenges that describes a state of ping surge
affairs that makes use of ping order for operating the framework as well as wireshark which is to
be delivered. This also helps to setup the casualty that can be utilized which can divide quantity
of all ping parcels that got amid to a predefined period related with edge where the flooding
attack is studied.
The TCP SYN flood is commonly known as DDoS attack (Distributed Denial of Service)
which exploits the normal part of three way handshake of TCP that consumes all resources of
target server as well as render its unresponsive. With the flooding attacks, the mechanism of
three way handshake of TCP gets exploits and there are limitations to maintain the connections
that are half opened (Choi et al. 2014). That particular time when a server receives or gets a SYN
request, the server returns the packet of SYN/ACK (Known as SYN acknowledgement) back to
client. Until the client acknowledges the packet containing SYN/ACK, the connection is stated to
remain in a half open state till when the TCP connection gets timeout. This connection remains
in half open state almost for 75 seconds. Each server has a backlog queue in the memory of the
system so that it can maintain the half open connection. The backlog queue of the system has a
Title: Flooding attack Detection using Anomaly Techniques with Wireshark
1. Introduction
1.1 Background Study
Flooding attack can be described as assault technique on the computer network. The
assailant in a flooding attack sends different surges to the users or the administration so that they
can cut down the framework of the network (Hussain et al. 2016). There are many flooding
assaults such as UDP surges, ping surge as well as Syn surge. There are many more surges that
are a part of flooding attack. There are many challenges that describes a state of ping surge
affairs that makes use of ping order for operating the framework as well as wireshark which is to
be delivered. This also helps to setup the casualty that can be utilized which can divide quantity
of all ping parcels that got amid to a predefined period related with edge where the flooding
attack is studied.
The TCP SYN flood is commonly known as DDoS attack (Distributed Denial of Service)
which exploits the normal part of three way handshake of TCP that consumes all resources of
target server as well as render its unresponsive. With the flooding attacks, the mechanism of
three way handshake of TCP gets exploits and there are limitations to maintain the connections
that are half opened (Choi et al. 2014). That particular time when a server receives or gets a SYN
request, the server returns the packet of SYN/ACK (Known as SYN acknowledgement) back to
client. Until the client acknowledges the packet containing SYN/ACK, the connection is stated to
remain in a half open state till when the TCP connection gets timeout. This connection remains
in half open state almost for 75 seconds. Each server has a backlog queue in the memory of the
system so that it can maintain the half open connection. The backlog queue of the system has a
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
6DISSERTATION
finite size. When the queue of backlog is full, the limit of the queue is full and at that time all the
connections are dropped.
When SYN request is being spoofed, the server of the victim will not get final packet of
ACK for completing the 3-way handshake (Sahi et al. 2017). The Spoofed requests of SYN
flooding gets easily exhausted to the backlog queue of the victim server. This helps to drop all
the SYN requests. The destination and the stateless based nature of the Internet routine
infrastructure is not able to make a difference between spoofed SYN and the legitimate SYN.
TCP also do not offer very strong authentication on the SYN packets. So when there is SYN
flooding attack, the victim associated with the attack is not able to respond or find out the
legitimate SYN requests ignoring spoofed attack.
To mitigate the SYN flooding attack, there lies several mechanism that defends the
attack. The mechanism that defends the SYN flooding are Synkill, Syn proxying, SynDefender,
Syn cookies, and Syn cache. All the stated above defense mechanism are usually installed in the
firewall server of victim or may also be installed in the server of the victim (Kwon et al. 2015).
Because of these defense mechanisms, sources of SYN flooding attack cannot be detected. The
victims needs to depend on IP trace that are usually expensive for locating the sources of
flooding attack. The defense mechanism described above is stateful mechanism in which all
states are being maintained for all available TCP connection or the state might also require
computation. These solutions makes all defense mechanism exposed to attack to the SYN
attacks. There are many experiments that states the specialized firewall which resist the SYN
flood. These specialized firewall becomes futile for at least 14,000 packets of data in one second.
The stateful mechanism also degrades end – end performance of TCP by incurring the longer
delays while setting the connection of TCP. When there is no attacks of SYN flooding, the
finite size. When the queue of backlog is full, the limit of the queue is full and at that time all the
connections are dropped.
When SYN request is being spoofed, the server of the victim will not get final packet of
ACK for completing the 3-way handshake (Sahi et al. 2017). The Spoofed requests of SYN
flooding gets easily exhausted to the backlog queue of the victim server. This helps to drop all
the SYN requests. The destination and the stateless based nature of the Internet routine
infrastructure is not able to make a difference between spoofed SYN and the legitimate SYN.
TCP also do not offer very strong authentication on the SYN packets. So when there is SYN
flooding attack, the victim associated with the attack is not able to respond or find out the
legitimate SYN requests ignoring spoofed attack.
To mitigate the SYN flooding attack, there lies several mechanism that defends the
attack. The mechanism that defends the SYN flooding are Synkill, Syn proxying, SynDefender,
Syn cookies, and Syn cache. All the stated above defense mechanism are usually installed in the
firewall server of victim or may also be installed in the server of the victim (Kwon et al. 2015).
Because of these defense mechanisms, sources of SYN flooding attack cannot be detected. The
victims needs to depend on IP trace that are usually expensive for locating the sources of
flooding attack. The defense mechanism described above is stateful mechanism in which all
states are being maintained for all available TCP connection or the state might also require
computation. These solutions makes all defense mechanism exposed to attack to the SYN
attacks. There are many experiments that states the specialized firewall which resist the SYN
flood. These specialized firewall becomes futile for at least 14,000 packets of data in one second.
The stateful mechanism also degrades end – end performance of TCP by incurring the longer
delays while setting the connection of TCP. When there is no attacks of SYN flooding, the
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
7DISSERTATION
overheads of the defense mechanism thus becomes more superfluous. To mitigate this issues,
there are also simple stateless mechanisms which helps in detecting the SYN attacks and also
helps to protect the flooding attacks. The mechanisms also can detect the attack when it is near
its source. This helps the tracer to track the flooding source easily without IP trace back that are
very expensive.
Simple methods are available for detecting the SYN flood attacks that are complementary
to defense system that are mentioned above. The simple technique for detecting the SYN attack
is the Flood Detection System (FDS). This is a statelessness as well as has very low computation
feature. The FDS is stated as by-product of the infrastructure of router which makes a difference
in the control packets of TCP from the data packets (Aborujilah and Musa 2017). With the help
of FDS, the attack of SYN flooding can be detected at the leaf routers which connects the end
hosts to Internet. This can be done in place of monitoring all ongoing traffic at the front end
same as the firewall or the proxy. Usually the FDS is deployed in the first mile or can be
deployed in the last mile of all leaf routers. The main advantages of using FDS in the first-mile
of a leaf router is mainly to gain proximity to all the flooding sources. When there is a SYN
flood in the first mile of the leaf router, all the information related to that particular location of
the flooding sources are detected as well as captured. All sources of flooding should be in subnet
where the leaf router stays connected. This helps to save all the work that is required to be done
by IP trace back.
1.2 Scope of the Research
The scope of this research study is to detect the flooding attacks that are that are possible
for online attack. The flooding attacks are detected using the anomaly techniques that are used in
Wireshark. There are many attacks that can be detected using Wireshark. Those attacks are
overheads of the defense mechanism thus becomes more superfluous. To mitigate this issues,
there are also simple stateless mechanisms which helps in detecting the SYN attacks and also
helps to protect the flooding attacks. The mechanisms also can detect the attack when it is near
its source. This helps the tracer to track the flooding source easily without IP trace back that are
very expensive.
Simple methods are available for detecting the SYN flood attacks that are complementary
to defense system that are mentioned above. The simple technique for detecting the SYN attack
is the Flood Detection System (FDS). This is a statelessness as well as has very low computation
feature. The FDS is stated as by-product of the infrastructure of router which makes a difference
in the control packets of TCP from the data packets (Aborujilah and Musa 2017). With the help
of FDS, the attack of SYN flooding can be detected at the leaf routers which connects the end
hosts to Internet. This can be done in place of monitoring all ongoing traffic at the front end
same as the firewall or the proxy. Usually the FDS is deployed in the first mile or can be
deployed in the last mile of all leaf routers. The main advantages of using FDS in the first-mile
of a leaf router is mainly to gain proximity to all the flooding sources. When there is a SYN
flood in the first mile of the leaf router, all the information related to that particular location of
the flooding sources are detected as well as captured. All sources of flooding should be in subnet
where the leaf router stays connected. This helps to save all the work that is required to be done
by IP trace back.
1.2 Scope of the Research
The scope of this research study is to detect the flooding attacks that are that are possible
for online attack. The flooding attacks are detected using the anomaly techniques that are used in
Wireshark. There are many attacks that can be detected using Wireshark. Those attacks are
8DISSERTATION
discussed in this research paper. The detection method of one such attack and the mitigation
process are also described briefly in this study.
1.3 Aim of the Research
The aim of this research paper is to study the features of Wireshark finding out the
flooding attacks. The flooding attacks are detected with the anomaly technologies that are used
in the Wireshark packet analyzer.
1.4 Objective of the Research
The objectives of the research paper are described below:
To find out the types of flooding attack that are possible for online attack.
To investigate all such issues that leads to detection of flooding attack.
To study the attack detection technique of flooding attack.
To evaluate the attack detection methodology for the anomaly detection.
To study the characteristics of Wireshark application in detecting the flooding attack.
1.5 Research Questions
The research question that will be addressed in this research paper includes
What are the types of flooding attack that are possible for online attack?
What are the issues that leads to detection of flooding attack?
How to carry out the attack detection technique of flooding attack?
What are the processes that helps to evaluate the attack detection methodology for the
anomaly detection?
discussed in this research paper. The detection method of one such attack and the mitigation
process are also described briefly in this study.
1.3 Aim of the Research
The aim of this research paper is to study the features of Wireshark finding out the
flooding attacks. The flooding attacks are detected with the anomaly technologies that are used
in the Wireshark packet analyzer.
1.4 Objective of the Research
The objectives of the research paper are described below:
To find out the types of flooding attack that are possible for online attack.
To investigate all such issues that leads to detection of flooding attack.
To study the attack detection technique of flooding attack.
To evaluate the attack detection methodology for the anomaly detection.
To study the characteristics of Wireshark application in detecting the flooding attack.
1.5 Research Questions
The research question that will be addressed in this research paper includes
What are the types of flooding attack that are possible for online attack?
What are the issues that leads to detection of flooding attack?
How to carry out the attack detection technique of flooding attack?
What are the processes that helps to evaluate the attack detection methodology for the
anomaly detection?
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
9DISSERTATION
2. Literature Review
2.1 Feature of Flood Detection System
According to Modi and Quadir (2014), the main feature of the FDS is utilizing inherent
behavior of TCP SYN– FIN pairs which is used for detecting flooding attack. All packets of
SYN/FIN limits starting as well as ending of the all the TCP connection. The beginning is the
SYN packet and the ending is the FIN packet. The figure below shows the TCP is borrowed from
showing the results of SYN packets. One comes from the result of SYN packet and the other
comes from FIN packet. There is a difference between SYN and the SYN/ACK packet. There is
no particular way to separate the FINs that are active from the FINs that are passive. This is
because the end host under particular leaf router might be server or a client. So, the pairs of
SYN-FIN is usually referred as (SYN, FIN) as well as (SYN/ACK, FIN). The packets of SYN
are mainly generalized so that they can be included in the pure of SYN as well as SYN/ACK
packets. The SYN-FIN pair of packet gets violated by the RST packet. Many of the RST packets
are generated to cancel the TCP connection2. But there is still a possibility to get a SYN-RST
pair.
2. Literature Review
2.1 Feature of Flood Detection System
According to Modi and Quadir (2014), the main feature of the FDS is utilizing inherent
behavior of TCP SYN– FIN pairs which is used for detecting flooding attack. All packets of
SYN/FIN limits starting as well as ending of the all the TCP connection. The beginning is the
SYN packet and the ending is the FIN packet. The figure below shows the TCP is borrowed from
showing the results of SYN packets. One comes from the result of SYN packet and the other
comes from FIN packet. There is a difference between SYN and the SYN/ACK packet. There is
no particular way to separate the FINs that are active from the FINs that are passive. This is
because the end host under particular leaf router might be server or a client. So, the pairs of
SYN-FIN is usually referred as (SYN, FIN) as well as (SYN/ACK, FIN). The packets of SYN
are mainly generalized so that they can be included in the pure of SYN as well as SYN/ACK
packets. The SYN-FIN pair of packet gets violated by the RST packet. Many of the RST packets
are generated to cancel the TCP connection2. But there is still a possibility to get a SYN-RST
pair.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
10DISSERTATION
Figure 1: TCP states for establishing normal connection
(Source: Bijalwan et al. 2015)
There are packet classifications which differentiates the RST packets, TCP SYN packets
and the FIN packets at the leaf routers (Aung and Thant 2017). This classification of packet was
motivated for providing the service that differentiate the IP flows. For distinguishing the control
packets of TCP, there are packets of large scale mechanisms for controlling the TCP packets of
the routers at a very high speed.
The leaf routers particularly have no state or might have state which is used for in the
Flood Detection System. Three new variables are there at the leaf routers for measuring the total
number of SYN received, RST packets as well as FIN at inbound as well as in outbound
interface (Khandelwal, Gupta and Bhale 2016). Traffic flows from Internet to Intranet and is
known as inbound and traffic that flows from Intranet to Internet is known as outbound.
Figure 1: TCP states for establishing normal connection
(Source: Bijalwan et al. 2015)
There are packet classifications which differentiates the RST packets, TCP SYN packets
and the FIN packets at the leaf routers (Aung and Thant 2017). This classification of packet was
motivated for providing the service that differentiate the IP flows. For distinguishing the control
packets of TCP, there are packets of large scale mechanisms for controlling the TCP packets of
the routers at a very high speed.
The leaf routers particularly have no state or might have state which is used for in the
Flood Detection System. Three new variables are there at the leaf routers for measuring the total
number of SYN received, RST packets as well as FIN at inbound as well as in outbound
interface (Khandelwal, Gupta and Bhale 2016). Traffic flows from Internet to Intranet and is
known as inbound and traffic that flows from Intranet to Internet is known as outbound.
11DISSERTATION
Depending on behavior of the SYN-FIN pair, the total number of SYN as well as the FIN
packets that are modelled as stationary are different from each other, random process as well as
the FDS (Flood Detection System) is considered as an example of Sequential Change Point
Detection. For making an independent FDS all sites and for accessing the patterns, comparison
between number of SYN as well as FIN is basically normalized by an average number of RST
that is considered as estimation. A method known as CUSUM (Cumulative Sum) is applied
which is a non-parametric method for making FDS more applicable and also makes the
deployment easier (Kolias et al. 2016). There is efficacy for the detection mechanism which is
validated by the simulations that are trace driven. The results from evaluation mainly shows that
the FDS has very short time of detection and has very high accuracy detection level. Because of
the close proximity of the flooding sources as well as the detection mechanism, the SYN flood
attacks are being harmed and location of the flooding attacks are also revealed to the tracer
(Alam, Arafat and Ahmed 2015). All details of flooding attack and the detection and prevention
methods are mentioned in this study.
2.2 Different Flooding attacks
The common DDoS attacks that are used commonly are described below.
UDP Flood
The UDP flood, commonly known as User Datagram Protocol packets (UDP) packets.
The main goal of UDP attack is flooding the random ports that comes on the remote hosts. This
helps to cause host to check the application listening at the port in a repeated way (Osanaiye and
Dlodlo 2015). When application is not found, then the reply is done with ICMP packet which is
also known as Destination Unreachable. This process helps to sap the host resources that leads to
inaccessibility.
Depending on behavior of the SYN-FIN pair, the total number of SYN as well as the FIN
packets that are modelled as stationary are different from each other, random process as well as
the FDS (Flood Detection System) is considered as an example of Sequential Change Point
Detection. For making an independent FDS all sites and for accessing the patterns, comparison
between number of SYN as well as FIN is basically normalized by an average number of RST
that is considered as estimation. A method known as CUSUM (Cumulative Sum) is applied
which is a non-parametric method for making FDS more applicable and also makes the
deployment easier (Kolias et al. 2016). There is efficacy for the detection mechanism which is
validated by the simulations that are trace driven. The results from evaluation mainly shows that
the FDS has very short time of detection and has very high accuracy detection level. Because of
the close proximity of the flooding sources as well as the detection mechanism, the SYN flood
attacks are being harmed and location of the flooding attacks are also revealed to the tracer
(Alam, Arafat and Ahmed 2015). All details of flooding attack and the detection and prevention
methods are mentioned in this study.
2.2 Different Flooding attacks
The common DDoS attacks that are used commonly are described below.
UDP Flood
The UDP flood, commonly known as User Datagram Protocol packets (UDP) packets.
The main goal of UDP attack is flooding the random ports that comes on the remote hosts. This
helps to cause host to check the application listening at the port in a repeated way (Osanaiye and
Dlodlo 2015). When application is not found, then the reply is done with ICMP packet which is
also known as Destination Unreachable. This process helps to sap the host resources that leads to
inaccessibility.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
1 out of 53
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.