Article

PING attack – How bad is it?


Abstract

PING-based Distributed Denial of Service (DDoS) attacks are infamous, as they are known to have brought down high-profile web sites such as Ebay, ETrade and Yahoo. They have also been used in an attempt to bring down the entire Internet by attacking its DNS root servers. In this paper, we investigate the impact of PING flooding on computer systems. We create real PING-attack traffic in a controlled lab environment at UTPA to understand the intensity of the attack and its impact on the processing power of a Windows XP computer with a Pentium 4, 2.66 GHz processor. In this experiment, we set out to measure the rate of resource exhaustion of the computer as its bandwidth is increasingly consumed by the PING-attack traffic. It is observed that a PING attack causes resource starvation for the computer when the PING-attack traffic increasingly consumes the bandwidth of a Fast Ethernet link.


... As a DoS attack floods illegitimate traffic towards the victim host, in this attack ICMP echo request packets were sent towards the victim host, and as the host which receives the echo request should reply with the same data to the source host with an Echo reply message, the attacker's intention is to consume the resources of the victim host. ICMP echo requests, when flooded towards the victim host, consume all the resources of the victim in performing the job of sending echo replies for all the echo requests, resulting in a Denial of Service attack [18,19]. ...
... And this was also a common type of attack. A victim who came across this type of attack in a network thinks that there was some problem in the network, but it was difficult to identify the attack, because the attack traffic was similar to the original traffic [18,19]. ...
Article
Full-text available
Cyber attacks are continuing to hamper working of Internet services despite increase in the use of network security systems such as, firewalls and Intrusion protection systems (IPS). Recent Denial of Service (DoS) attack on Independence Day weekend, on July 4th, 2009 launched to debilitate the US and South Korean governments' websites is indicative of the fact that the security systems may not have been adequately deployed to counteract such attacks. IPS is a vital security device which is commonly used as a front line defense mechanism to defend against such DoS attacks. Before deploying a firewall or an IPS device for network protection, in many deployments, the performance of firewalls is seldom evaluated for their effectiveness. Many times, these IPS's can become bottleneck to the network performance and they may not be effective in stopping DoS attacks. In this paper, we intend to drive the point that deploying IPS may not always be effective in stopping harmful effects of DoS attacks. It is important to evaluate the capability of IPS before they are deployed to protect a network or a server against DoS attacks. In this paper, we evaluate performance of a commercial grade IPS Cisco ASA-5510 IPS to measure its effectiveness in stopping a DoS attacks namely TCP-SYN, UDP Flood, Ping Flood and ICMP Land Attacks. This IPS comes with features to counteract and provide security against these attacks. Performance of the IPS is measured under these attacks protection and compared with its performance when these protection features were not available (i.e. disabled). It was found that the IPS was unable to provide satisfactory protection despite the availability of the protection features against these flooding attacks. It is important for the network managers to measure the actual capabilities of an IPS system before its deployment to protect critical information infrastructure.
... Using this, an ICMP echo request and reply messages together can test the reachability of a computer on a network [13]. The ICMP echo request and reply messages are identified by the value of the type field in the ICMP message format [14]. If the value of type field is equal to 8, it becomes echo request, if the value of type field is equal to 0, it becomes an echo reply [13]. ...
... These Ping-based DDoS attacks, a flood of a large number of ping messages sent to the target, are known to be quite damaging to the availability of web-based services. The Ping attack can exhaust the target server's bandwidth and computing resources [14]. The victim computer continues receiving a Ping message that generates an ICMP echo reply message sent to the source address of the Echo Request. ...
Article
Full-text available
There are different types of Cyber Security Attacks that are based on ICMP protocols. Many ICMP protocols are very similar, which may lead security managers to think they may have same impact on victim computer systems or servers. In this paper, we investigate impact of different ICMP based security attacks on two popular server systems namely Microsoft’s Windows Server and Apple’s Mac Server OS running on same hardware platform, and compare their performance under different types of ICMP based security attacks.
... A more recent study of the impact of DoS attacks can be found in [31,32]. Ping and ARP storm attacks are two well-known DoS attacks. ...
... Ping and ARP storm attacks are two well-known DoS attacks. The experiments in [31,32] found that these DoS attacks consume the target computer's processing resources much faster than its bandwidth resources. ...
Article
Security assessment of a system is a difficult problem. Most of the current efforts in security assessment involve searching for known vulnerabilities. Finding unknown vulnerabilities still largely remains a subjective process. The process can be improved by understanding the characteristics and nature of known vulnerabilities. The knowledge thus gained can be organized into a suitable taxonomy, which can then be used as a framework for systematically examining new systems for similar but as yet unknown vulnerabilities. There have been many attempts at producing such taxonomies. This article provides a comprehensive survey of the important work done on developing taxonomies of attacks and vulnerabilities in computer systems. This survey covers work done in security related taxonomies from 1974 until 2006. Apart from providing a state-of-the-art survey of taxonomies, we also analyze their effectiveness for use in a security assessment process. Finally, we summarize the important properties of various taxonomies to provide a framework for organizing information about known attacks and vulnerabilities into a taxonomy that would benefit the security assessment process.
... This causes the target to become unavailable to legitimate traffic. When this attack comes from multiple sources, the attack becomes a DDoS attack [23]. Ping message sends ICMP packets to test the availability of a node in a network. ...
... However, DoS attacks are still among the attack types frequently used in wireless networks. In addition to the DoS attacks covered in the previous section, the following types of DoS attacks, which are specific to wireless networks and involve authentication, have also been developed: Flood attack, a DoS attack that aims to cut clients' connections to the access point by sending them forged deauthentication or disassociation (Disassociate) requests [10,11]. ...
Article
Full-text available
Abstract: With the development of wireless networks and the increase in their usage, the security of wireless networks has taken centre stage. Various attack techniques that were previously used in wired networks have started to be used in wireless networks as well. One of the most common attack types is the one classified as DoS (Denial of Service). The major manufacturers of wireless network hardware have developed security policies against DoS attacks and tried to prevent them. However, in some of the settings where these wireless devices are used, some security vulnerabilities have been observed. In this study, DoS attack techniques are first classified. Afterwards, a program was developed in the Vbasic programming language in order to test the vulnerabilities of wireless networks in public places against DoS attacks. The attack types carried out were TCP (Transmission Control Protocol) Flood, UDP (User Datagram Protocol) Flood and Ping Flood. In the end, the attacks were successful. Keywords: DoS (denial of service), ping flood, TCP flood, MAC spoofing, access point, wireless networks
... Then a larger-than-normal packet is sent to the network. Systems may crash, halt, or reboot [8]. The 802.11 Associate/Authenticate Flood attack applies pressure by sending authentication and association requests from random MAC addresses in order to fill the access point's association table. ...
Article
Full-text available
Abstract: Information and Internet security is a topic of growing importance not only in the private sector and public institutions but also in education centres and schools. Local area networks (LANs) set up on university campuses and in schools, whether on wired or wireless infrastructure, are subjected to numerous attacks. Some attacks previously carried out on wired networks have begun to be used on wireless networks as well. The most important of these are Denial of Service (DoS) attacks. DoS attacks are directed at the distribution devices in the network or at its bandwidth. The main reason for this is the weaknesses that lie at the foundation of network protocols. In home and general-purpose wireless networks, DoS attacks carried out with techniques that exploit these weaknesses succeed. Information Technologies teachers need to be knowledgeable about the ethical and safe use of information and communication technologies. In this context, they also need to inform and raise the awareness of both their students and the social circles they are in contact with. For this reason, it has become something of a necessity for Information Technologies teachers and teacher candidates to acquire, alongside the theoretical and professional courses in their field, knowledge of information and communication technology based security problems in technically oriented field courses. In this study, in order to inform teacher candidates of the Department of Computer Education and Instructional Technologies (BÖTE) at the Trakya University Faculty of Education about Internet and network security, a UDP (User Datagram Protocol) flood attack was carried out as a wireless network attack that exploits protocol weaknesses.
... This Ping Flood Attack is a Layer-3 attack in the TCP/IP suite. One of the earlier works shows that a simple Ping attack can make the target host busy in processing the ping requests, consuming 100% of the CPU utilization [12]. ...
Article
Full-text available
During Distributed Denial of Service (DDoS) attacks, computers are made to attack other computers. Newer firewalls nowadays provide prevention against such attack traffic. McAfee SecurityCenter Firewall is one of the most popular security software installed on millions of Internet connected computers worldwide. “McAfee claims that if you have installed McAfee SecurityCentre with anti-virus and antispyware and Firewall then you always have the most current security to combat the ever-evolving threats on the Internet for the duration of the subscription”. In this paper, we present our findings regarding the effectiveness of McAfee SecurityCentre software against some of the popular Distributed Denial of Service (DDoS) attacks, namely ARP Flood, Ping-flood, ICMP Land, TCP-SYN Flood and UDP Flood attacks on the computer which has McAfee SecurityCentre installed. The McAfee SecurityCentre software has a built-in firewall which can be activated to control and filter the inbound/outbound traffic. It can also block the Ping Requests in order to stop or subside the Ping-based DDoS attacks. To test the McAfee Security Centre software, we created the corresponding attack traffic in a controlled lab environment. It was found that the McAfee Firewall software itself was incurring DoS (Denial of Service) by completely exhausting the available memory resources of the host computer during its operation to stop the external DDoS attacks.
Conference Paper
Full-text available
Cyber security has been a top concern for electric power companies deploying smart meters and smart grid technology. Despite the well-known advantages of smart grid technology and the smart meters, it is not yet very clear how and to what extent, the Cyber attacks can hamper the operation of the smart meters, and remote data collections regarding the power usage from the customer sites. To understand these questions, we conducted experiments in a controlled lab environment of our cyber security lab to test a commercial grade smart meter. In this paper, we present results of our investigation for a commercial grade smart meter and measure the operation integrity of the smart meter under cyber-attack conditions.
Article
Full-text available
Walls of Interlocking Stabilised Soil Blocks (ISSBs) have been considered in low-cost houses around the world especially in developing countries. These were reported to be very weak in resisting the lateral load (e.g. wind or earthquake) without special considerations. In this paper, mechanical properties (compressive strength, elastic modulus, pre/post crack energy absorbed and toughness index) of ISSBs with three configurations and seven combinations of plain and fibrous mortar cubes are experimentally evaluated. Sisal fibre and rice straw (2% and 5%, by cement mass) were considered for fibrous mortar. Empirical equations were developed to predict elastic modulus. It was found that ISSBs had reasonable strength to be considered for masonry. The failure load and toughness index of 2% sisal fibre samples was improved by 10% and 16%, respectively, whereas 2.21 times enhancement was found in elastic modulus. Thus, 2% sisal fibre in plaster (i.e. reinforced coating) would likely improve the lateral resistance of interlocked masonry walling.
Article
Electronic mail is today's most widely used method of communication. In recent years, if e-mail had not been there, communication would not have been possible. Because SMTP (Simple Mail Transfer Protocol) is an old communication protocol used for electronic mail, it has various bugs arising from its design. In this study, several malicious attacks which can be made on the SMTP protocol have been investigated and classified. Various forms of software have been developed in Visual Basic 6.0 to deal with these attacks. Finally we have tried to suggest some rules for preventing these attacks. The results were examined and measures to be taken explained.
Article
Both Microsoft's Windows 7 and Apple's Snow Leopard operating systems claim to provide users with a safer and more reliable environment, but no work has evaluated and compared their resilience against common DDoS attack traffic. The authors compare the effect of this type of attack traffic on both systems installed on the same iMac hardware platform under the same network attack conditions. In particular, they consider common DDoS traffic at different layers of the TCP/IP protocol stack—namely, ARP flood, ping flood, and TCP-SYN flood attacks, which correspond to layers 2, 3, and 4, respectively. Interestingly, the iMac computer with its native Snow Leopard system was found to exhaust more computing resources when compared to that of Windows 7 installed on the same platform and under the same attack conditions.
Conference Paper
Using IXP2XXX network processor (NP), a fast processing of Internet Control Message Protocol (ICMP) is embedded in the NP based firewall. By interpolating the module before processing the information of network interface layer and setting a special jump identifier for the exceptional process microblock on NP, simulation results show that the optimized method in this paper can simplify the process flow and improve the ICMP processing efficiency.
Conference Paper
Distributed Denials of Service (DDoS) attacks are increasing over the Internet, where the attacker consumes all the resources of the network or the victim computer, thus preventing legitimate users from accessing the services. This paper compares the impact of a DDoS attack, called Land Attack, on popular operating systems such as “Windows XP”, “windows Vista” and “Apple’s Leopard”. We investigate and compare the built-in ability of these operating systems in withstanding land attacks at different loads of Land Attack traffic. In this experiment, we measure the exhaustion of the computing resources, for the above mentioned operating systems under varying loads of the Land Attack traffic. Our results show that Windows XP operating system was most robust, and capable of surviving the ICMP-Land Attack when compared with Windows Vista and Apple’s Leopard operating systems.
Conference Paper
McAfee SecurityCenter Firewall is one of the most popular security software installed on millions of Internet connected computers worldwide. “McAfee claims that if you have installed McAfee SecurityCentre with anti-virus and anti-spyware and Firewall version 9.3 then you always have the most current security to combat the ever-evolving threats on the Internet for the duration of the subscription”. In this paper, we present our findings regarding the effectiveness of McAfee SecurityCentre software against one of the most popular distributed denial of service (DDoS) attack, namely ping-flood attack on the computer which has McAfee SecurityCentre installed. The McAfee SecurityCentre software has an in built firewall which can be activated to control and filter the inbound/outbound traffic. It can also block the ping requests in order to stop or subside the ping based DDoS Attacks. To test the McAfee Security Centre software, we created the ping traffic in the controlled lab environment of Networking Research Lab here at The University of Texas-Pan American. It was found that the McAfee Firewall software itself was incurring DoS (denial of service) by completely exhausting the available memory resources during its operation of stopping the external ping attack.
Conference Paper
TCP-SYN attack is one of the commonly used DDoS attacks aimed at bringing down a computer system connected to Internet. There has been an increased targeting of Windows end-users and servers. The attackers and intruders are leveraging easily identifiable network blocks to target and exploit Windows end-user servers and computer systems. In order to provide some level of security and protection against security attacks, the Microsoft's Windows XP operating systems were designed with an additional level of security. The initial Microsoft's windows XP without service pack2 (SP2) provided windows firewall with some security features. The later version of Microsoft's windows XP with SP2 intends to provide enhanced security features to prevent and mitigate the adverse effect of security attacks on the host computer systems. In this experimental paper, we set out to conduct real TCP-SYN attacks on computer systems in a controlled lab environment and measure the effectiveness of Microsoft's windows XP without SP2, and with SP2 in preventing TCP-SYN attacks. The Windows firewall (without SP2) was found to be not effective against the TCP-SYN attacks. However, the later version of Microsoft's Windows XP with SP2 was found to significantly help mitigate the adverse effect of the TCP SYN attacks on Windows based computer systems.
Conference Paper
Full-text available
We discuss distributed denial of service attacks in the Internet. We were motivated by the widely known February 2000 distributed attacks on Yahoo!, Amazon.com, CNN.com, and other major Web sites. A denial of service is characterized by an explicit attempt by an attacker to prevent legitimate users from using resources. An attacker may attempt to: “flood” a network and thus reduce a legitimate user's bandwidth, prevent access to a service, or disrupt service to a specific system or a user. We describe methods and techniques used in denial of service attacks, and we list possible defences. In our study, we simulate a distributed denial of service attack using ns-2 network simulator. We examine how various queuing algorithms implemented in a network router perform during an attack, and whether legitimate users can obtain desired bandwidth. We find that under persistent denial of service attacks, class based queuing algorithms can guarantee bandwidth for certain classes of input flows
Houle Kevin J, Weaver George M. Trends in denial of service attack technology. Computer Emergency Response Team (CERT) Coordination Center; October 2001. v1.