
Seminar Report Diga 1


Dayanand Education Society’s

Dayanand Science College Latur.

SEMINAR REPORT

On

DOS ATTACK
Submitted by

IMDE DIGAMBAR PANDITRAO

(Exam Seat No:……………)

in partial fulfillment for the award of the degree

of

B.Sc. (CS)

SWAMI RAMANAND TEERTH MARATHAWADA UNIVERSITY,


NANDED.
Winter/Summer-2021-22
Dayanand Science College Latur.
CERTIFICATE

This is to certify that the Seminar entitled “DOS ATTACK” has been carried out
by IMDE DIGAMBAR PANDITRAO under my guidance in partial fulfillment of
the degree of B.SC. of SRTMU, Nanded during the academic year 2018-2019

Guide: DR R. B. SHINDE
Coordinator: Mrs. S. A. Jaju

H.O.D: Dr. R. B. Shinde
Principal: Dr. J. S. Dargad


ACKNOWLEDGEMENT

First of all, I am indebted to our Honorable Principal Dr. J. S. Dargad for giving
me an opportunity to excel in my efforts to complete this seminar on time. I
am extremely grateful to our HOD, Dr. R. B. Shinde, Department of Computer
Science, for providing all the required resources for the successful completion
of my seminar. My heartfelt gratitude to my seminar guide DR R. B. SHINDE,
Assistant Professor, Computer Science Department, for her valuable
suggestions and guidance in the preparation of the seminar report. I express
my thanks to our Coordinator Mrs. S. A. Jaju Mam, Assistant Professor, and all
staff members and friends for all the help and co-ordination extended in
bringing out this seminar successfully in time. I will be failing in my duty if I do not
acknowledge with grateful thanks the authors of the references and other
literature referred to in this seminar. Last but not the least, I am very much
thankful to my parents who guided me in every step which I took.

Thanking You
IMDE DIGAMBAR PANDITRAO
BSC TY
III

INDEX

COVER PAGE
CERTIFICATE
ACKNOWLEDGEMENT
INDEX

1. DOS ATTACK
1.1 INTRODUCTION

2. TYPES OF DOS ATTACK
2.1 Application-layer Flood
2.2 Distributed Denial of Service Attacks
2.3 Unintended Denial of Service Attacks

3. SYMPTOMS OF DOS ATTACK


DOS ATTACK
1.1 INTRODUCTION:-
A Denial-of-Service (DoS) attack is an attack meant to shut
down a machine or network, making it inaccessible to its
intended users. DoS attacks accomplish this by flooding the
target with traffic, or sending it information that triggers a
crash. In both instances, the DoS attack deprives legitimate
users (i.e. employees, members, or account holders) of the
service or resource they expected.

DoS attacks often target web servers of high-profile
organizations such as banking, commerce, and media
companies, or government and trade organizations. Though
DoS attacks do not typically result in the theft or loss of
significant information or other assets, they can cost the victim
a great deal of time and money to handle.

There are two general methods of DoS attacks: flooding services or
crashing services. Flood attacks occur when the system receives too
much traffic for the server to buffer, causing it to slow down and
eventually stop. Popular flood attacks include:

• Buffer overflow attacks – the most common DoS attack. The
concept is to send more traffic to a network address than the
programmers have built the system to handle. It includes the attacks
listed below, in addition to others that are designed to exploit bugs
specific to certain applications or networks.
• ICMP flood – leverages misconfigured network devices by
sending spoofed packets that ping every computer on the targeted
network, instead of just one specific machine. The network is then
triggered to amplify the traffic. This attack is also known as the smurf
attack or ping of death.
• SYN flood – sends a request to connect to a server, but never
completes the handshake. Continues until all open ports are
saturated with requests and none are available for legitimate
users to connect to.

Other DoS attacks simply exploit vulnerabilities that cause the target
system or service to crash. In these attacks, input is sent that takes
advantage of bugs in the target that subsequently crash or severely
destabilize the system, so that it can’t be accessed or used.

An additional type of DoS attack is the Distributed Denial of Service
(DDoS) attack. A DDoS attack occurs when multiple systems
orchestrate a synchronized DoS attack on a single target. The essential
difference is that instead of being attacked from one location, the
target is attacked from many locations at once. The distribution of
hosts that defines a DDoS provides the attacker multiple advantages:

• The attacker can leverage the greater number of machines to execute a
seriously disruptive attack
• The location of the attack is difficult to detect due to the random
distribution of attacking systems (often worldwide)
• It is more difficult to shut down multiple machines than one
• The true attacking party is very difficult to identify, as they are
disguised behind many (mostly compromised) systems

Modern security technologies have developed mechanisms to defend
against most forms of DoS attacks, but due to the unique
characteristics of DDoS, it is still regarded as an elevated threat and is
of higher concern to organizations that fear being targeted by such an
attack.

2. TYPES OF DOS ATTACK


2.1 Application-layer Flood :-
In this attack type, an attacker simply floods the service
with requests from a spoofed IP address in an attempt to
slow or crash the service, illustrated in . This could take
the form of millions of requests per second or a few
thousand requests to a particularly resource-intensive
service that eat up resources until the service is unable
to continue processing the requests.

Preventing application-layer DoS attacks can be tricky.
The best way to help mitigate these types of attacks is
to outsource pattern detection and IP filtering to a third
party (discussed later).

EX. HTTP FLOOD ATTACK

What is an HTTP flood DDoS attack?

An HTTP flood attack is a type of
volumetric distributed denial-of-service
(DDoS) attack designed to overwhelm a targeted
server with HTTP requests. Once the target has
been saturated with requests and is unable to
respond to normal traffic, denial-of-service will
occur for additional requests from actual users.

How does an HTTP flood attack work?

HTTP flood attacks are a type of “layer 7” DDoS
attack. Layer 7 is the application layer of the OSI
model, and refers to internet protocols such as
HTTP. HTTP is the basis of browser-based internet
requests, and is commonly used to load webpages
or to send form contents over the Internet.
Mitigating application layer attacks is particularly
complex, as the malicious traffic is difficult to
distinguish from normal traffic.

In order to achieve maximum efficiency, malicious
actors will commonly employ or create botnets in
order to maximize the impact of their attack. By
utilizing many devices infected with malware, an
attacker is able to leverage their efforts by
launching a larger volume of attack traffic.

There are two varieties of HTTP flood attacks:

1. HTTP GET attack - in this form of attack,
multiple computers or other devices are
coordinated to send multiple requests for
images, files, or some other asset from a
targeted server. When the target is
inundated with incoming requests and
responses, denial-of-service will occur to
additional requests from legitimate traffic
sources.

2. HTTP POST attack - typically when a form
is submitted on a website, the server must
handle the incoming request and push the
data into a persistence layer, most often a
database. The process of handling the form
data and running the necessary database
commands is relatively intensive compared
to the amount of processing power and
bandwidth required to send the POST
request. This attack utilizes the disparity in
relative resource consumption, by sending
many POST requests directly to a targeted
server until its capacity is saturated and
denial-of-service occurs.
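
On the defending side, both varieties show up in the web server's access log. The following is an added example, not part of the original report: a sliding-window check that flags a client for either a high overall request rate (GET flood) or a smaller number of costly POST requests. The thresholds, function names and log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

LINE_RE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) \S+ [^"]*" \d{3} \S+')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def detect_http_flood(lines, window_s=10, max_requests=20, max_posts=5):
    """Return {client_ip: reason} for clients over a sliding-window threshold.

    Thresholds are illustrative assumptions; each client's lines must be
    in time order, as they are in a normal access log.
    """
    recent = defaultdict(deque)  # ip -> (timestamp, method) pairs inside the window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if m is None:            # skip lines that are not valid log entries
            continue
        ip, ts_text, method = m.groups()
        ts = datetime.strptime(ts_text, TS_FMT)
        q = recent[ip]
        q.append((ts, method))
        while (ts - q[0][0]).total_seconds() > window_s:
            q.popleft()          # drop requests older than the window
        posts = sum(1 for _, meth in q if meth == "POST")
        if len(q) > max_requests:
            flagged.setdefault(ip, "request rate")
        elif posts > max_posts:  # few requests, but each one is expensive
            flagged.setdefault(ip, "POST rate")
    return flagged

def constructed_sample():
    """Constructed log lines; addresses come from documentation ranges."""
    def entry(ip, sec, method, path):
        return (f'{ip} - - [10/Oct/2021:13:55:{sec:02d} +0000] '
                f'"{method} {path} HTTP/1.1" 200 512')
    lines = [entry("192.0.2.10", s, "GET", "/index.html") for s in range(0, 60, 12)]
    lines += [entry("198.51.100.7", i // 5, "GET", "/logo.png") for i in range(30)]
    lines += [entry("203.0.113.9", s, "POST", "/contact") for s in range(8)]
    return lines

if __name__ == "__main__":
    print(detect_http_flood(constructed_sample()))
```

Per-client thresholds catch a single noisy source; when a botnet spreads the requests across many addresses, an aggregate limit per path or per service is needed as well.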

2.2 Distributed Denial of Service Attacks (DDoS)
Distributed Denial of Service (DDoS) attacks occur
in much the same way as DoS attacks except that
requests are sent from many clients as opposed to
just one, illustrated in . DDoS attacks often involve
many "zombie" machines (machines that have
been previously compromised and are being
controlled by attackers). These "zombie" machines
then send massive amounts of requests to a
service to disable it.

DDoS attacks are famously hard to mitigate, which
is why outsourcing network filtering to a third party
is the recommended approach. We'll cover this
later on.

EX. UDP Flood Attack

A "UDP flood" is any attack in which the attacker
floods the ports of the target system with IP packets
carrying UDP datagrams, similar to other DDoS
attacks.
The receiving host checks for applications associated
with these datagrams and, finding none,
sends back a "Destination Unreachable" packet. As
more and more UDP packets are received and
answered, the system becomes overwhelmed and
unresponsive to other clients.
The attacker may also spoof the source IP address
of the packets in a UDP flood
attack, both to ensure that the return ICMP packets
do not reach their own host and to anonymize the
attack. A UDP flood attack may be carried out
using a variety of commercially available
software packages (e.g., UDP Unicorn).

How does a UDP flood attack work?

A UDP flood works primarily by exploiting the
steps that a server takes when it responds to a UDP
packet sent to one of its ports. Under normal
conditions, when a server receives a UDP packet at a
particular port, it goes through two steps
in response:
1. The server first checks whether any programs
are running that are currently listening for
requests at the specified port.
2. If no programs are receiving packets at that port,
the server responds with an ICMP (ping) packet
to inform the sender that the destination was
unreachable.

A UDP flood can be thought of in terms of a
hotel receptionist routing calls. First, the
receptionist receives a call where the caller asks to
be connected to a specific room. The
receptionist then needs to look through the
list of all rooms to make sure that the
guest is available in the room and willing to
take the call. When the receptionist realizes
that the guest is not taking any calls, they have
to pick the phone back up and tell the caller
that the guest will not be taking the call. If
suddenly all the phone lines light
up simultaneously with similar requests, they
will quickly become overwhelmed.

As each new UDP packet is received by the server, it
goes through steps to process the request,
using server resources in the process. When
UDP packets are sent, every packet
includes the IP address of the source device.
During this kind of DDoS attack, an attacker will
generally not use their own real IP
address, but will instead spoof the source IP
address of the UDP packets, preventing the
attacker's true location from being exposed and
potentially saturated with the response packets from
the targeted server.
Because the targeted server uses resources to
check and then respond to each received UDP
packet, the target's resources can quickly become
exhausted when a large flood of
UDP packets is received, resulting in
denial of service to normal traffic.
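
The two-step handling described above is also where a defender can cap the cost. The following is an added example, not part of the original report: it replays time-stamped datagrams through the two steps with a token bucket limiting ICMP replies, then flags an interval dominated by datagrams sent to closed ports. The function names, limits and sample traffic are assumptions constructed for illustration.

```python
def process_datagrams(datagrams, listening_ports, rate_per_s=10, burst=10):
    """Two-step UDP handling with a token bucket on ICMP replies.

    datagrams: time-ordered (time_ms, dst_port) pairs. Tokens are kept in
    integer thousandths so the arithmetic is exact.
    """
    cap = burst * 1000
    tokens, last = cap, None
    stats = {"delivered": 0, "icmp_sent": 0, "icmp_suppressed": 0}
    for t_ms, port in datagrams:
        if last is not None:          # refill for the time that has passed
            tokens = min(cap, tokens + (t_ms - last) * rate_per_s)
        last = t_ms
        if port in listening_ports:   # step 1: an application is listening
            stats["delivered"] += 1
        elif tokens >= 1000:          # step 2: reply while the budget lasts
            tokens -= 1000
            stats["icmp_sent"] += 1
        else:                         # budget spent: drop without replying
            stats["icmp_suppressed"] += 1
    return stats

def looks_like_udp_flood(stats, min_closed=100, closed_ratio=0.9):
    """Flag an interval dominated by datagrams aimed at closed ports."""
    closed = stats["icmp_sent"] + stats["icmp_suppressed"]
    total = closed + stats["delivered"]
    return closed >= min_closed and closed / total >= closed_ratio

def constructed_flood():
    """Constructed one-second sample: 1000 datagrams to closed ports, 5 to port 53."""
    flood = [(ms, 20000 + ms) for ms in range(1000)]
    legit = [(ms, 53) for ms in range(0, 1000, 200)]
    return sorted(flood + legit)

if __name__ == "__main__":
    stats = process_datagrams(constructed_flood(), listening_ports={53})
    print(stats, looks_like_udp_flood(stats))
```

With the limit in place the server answers 19 of the 1000 closed-port datagrams instead of all of them, while traffic to the listening port is still delivered. Linux applies a comparable limit to outgoing ICMP errors through the net.ipv4.icmp_ratelimit sysctl.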

2.3 Unintended Denial of Service Attacks
Not all DoS attacks are nefarious. The third attack type is the
"unintended" Denial of Service attack. The canonical example
of an unintended DDoS is called "The Slashdot Effect".
Slashdot is an internet news site where anyone can
post news stories and link to other sites. If a linked story
becomes popular, it can cause millions of users to visit the site,
overloading the site with requests. If the site isn't built to handle
that kind of load, the increased traffic can slow or even crash
the linked site. Reddit and "The Reddit Hug of Death"
is another excellent example of an unintentional DoS.

The only way to prevent these types of unintended DoS attacks
is to architect your application for scale. Use patterns like
edge-caching with CDNs, HTTP caching headers, auto-scaling
groups, and other methods to ensure that even when you
receive a large amount of burst-traffic, your site will not go
down.

Another type of unintentional DoS attack can occur when
servicing low bandwidth areas. For instance, streaming content
internationally means that people in certain areas of the world
with slow or bad internet connections might cause problems.
When your service attempts to send information to these
low-bandwidth areas, packets drop. In an attempt to get the
information to the destination, your service will attempt to
resend all dropped packets. If the connection drops the packets
again, your service may make another attempt. This cycle can
cause your service's load to double or triple, causing your
service to be slow or unreachable for everyone.

EX.

The canonical example of an unintended DDoS is
called "The Slashdot Effect". Slashdot is an
internet news site where anyone can post news
stories and link to other sites. If a linked story
becomes popular, it can cause millions of users to
visit the site, overloading the site with requests.

3. SYMPTOMS OF DOS ATTACK


A DDoS attack can disable your website, damage customer
relationships, and make internal work impossible. Attacks can
occur randomly, or as retaliation for perceived slights to an
internet group. No matter the reason behind the attack, it can
be a devastating occurrence for your business. If you don't
have a dedicated defense against these attacks, such
as Radware DefensePro, you are vulnerable.
There are a variety of symptoms that can represent a DDoS
attack on your network. Recognizing them can help mitigate
the damage.

1. Increase in Emails
Some attacks will overload your network with spam emails. If
you or employees notice a dramatic uptick in spam emails
appearing, it may mean you are the target of a mail bomb
attack.

2. Slow Servers
As the attack takes place, your servers will slow down.
Servers will respond in minutes instead of seconds or
sometimes not at all. You may receive "too many
connections" error notices when attempting to navigate. A
slow server doesn't always mean a DDoS attack, though - it
could be old equipment or a natural spike in traffic from a
news event.
3. Slow Computer Performance
A DDoS attack may target a specific machine on the network.
In this case, the user will notice slow performance. It may
take longer to perform routine tasks as the machine is
overloaded with requests from the attack.

Stopping a DDoS Attack


Once the attack has begun, it may be too late to stop. If
you are running an updated Intrusion Prevention
System or DoS Mitigation Engine like Radware
DefensePro, you will be able to prevent the attack from
taking place. Using real-time signature detection, these
solutions will stop the incoming requests and prevent
the network from being shut down. Without an
integrated security solution in place, you have little
recourse for stopping an attack. You could unplug
machines from the network to prevent a spread, or you
could shut down your network - which is the same
result the attack is aiming for.
A DDoS attack may have recognizable symptoms like a
cold or flu, and like those, an ounce of prevention is
worth a pound of cure. Explore your attack mitigation
options with security solutions from Radware, and learn
more about potential threats to your network today
at DDoSWarriors.com
