
How we did it



Passive monitoring devices were connected to a spanning port on the Cisco Catalyst 3500 switch on our target network. Inline devices were placed between our attacker and target networks, in front of the target network's gateway firewall. The target network consisted of a Red Hat 7.2 system running Apache, Sendmail, BIND and Secure Shell, and a Windows 2000 SP2 Server running Internet Information Server. The attack network consisted of a Red Hat Linux 7.2 system and a Win 2000 Professional SP2 system.

After initial setup on the network, we ran 48 hours of valid traffic, consisting of HTTP requests, DNS requests, mail requests and SSH connections to define an adequate baseline.

We launched a variety of attacks against the target network, including TFN SYN flood, Stacheldraht, Fragger, Mstream, Jolt2, Opentear, RC8, Pimp2, Land, Targa3, Naptha, and completely randomized source IP/TCP, User Datagram Protocol (UDP), and Internet Control Message Protocol SYN and ACK floods. We launched attacks in phases. Some were short bursts, others were sustained attacks lasting several hours, and others included multiple attacks launched at one time.

We also requested a 2M-byte file located on the Apache server several thousand times in rapid succession to see if a sudden increase in valid connection attempts was identified as malicious. To test identification of outbound denial-of-service (DoS) attacks, we installed Tribe Flood Network 2000 on the test network and launched an attack against the systems on our attacker network.
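The false-positive check described above can be illustrated with a small baseline detector. This is an added example, not code from the review or from any tested product; the review does not say how the devices decide, so the features (attempt rate, handshake completion, distinct sources), the thresholds and all sample numbers are constructed assumptions.

```python
from statistics import mean, stdev

# Constructed per-minute baseline samples (not measurements from the review):
# (new TCP connection attempts, completed handshakes, distinct source IPs)
BASELINE = [(120, 118, 14), (135, 133, 15), (110, 109, 12), (128, 126, 16),
            (140, 137, 15), (117, 116, 13), (131, 129, 14), (125, 123, 15)]

def build_profile(samples):
    """Summarise baseline traffic as (mean, stdev) of rate and source count."""
    rates = [s[0] for s in samples]
    sources = [s[2] for s in samples]
    return {"rate": (mean(rates), stdev(rates)),
            "sources": (mean(sources), stdev(sources))}

def zscore(value, stats):
    mu, sigma = stats
    return (value - mu) / sigma

def rate_only(profile, window, k=4.0):
    """Naive detector: flag any window whose attempt rate is far above baseline."""
    return zscore(window[0], profile["rate"]) > k

def rate_plus_context(profile, window, k=4.0, min_completion=0.8):
    """Flag a rate spike only if handshakes mostly fail or sources explode."""
    attempts, completed, sources = window
    if zscore(attempts, profile["rate"]) <= k:
        return False
    low_completion = completed / attempts < min_completion
    source_spike = zscore(sources, profile["sources"]) > k
    return low_completion or source_spike

PROFILE = build_profile(BASELINE)
# Constructed test windows modelled on the two cases in the text.
NORMAL = (130, 128, 15)
VALID_BURST = (3000, 2990, 1)         # one client fetching the same file repeatedly
SPOOFED_SYN_FLOOD = (3000, 40, 2950)  # randomized sources, handshakes never finish

def evaluate():
    """Return {window name: (rate_only verdict, rate_plus_context verdict)}."""
    windows = {"normal": NORMAL, "valid_burst": VALID_BURST,
               "syn_flood": SPOOFED_SYN_FLOOD}
    return {name: (rate_only(PROFILE, w), rate_plus_context(PROFILE, w))
            for name, w in windows.items()}

if __name__ == "__main__":
    for name, (naive, ctx) in evaluate().items():
        print(f"{name:12s} rate_only={naive!s:5} rate_plus_context={ctx}")
```

The rate-only detector flags the burst of valid requests as an attack, which is the false positive the repeated file request was designed to expose; the second detector flags only the flood.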

To evaluate the security of the DoS device, we launched attacks against the device itself and ran Internet Security Systems' Internet Scanner against its IP addresses to identify any known vulnerabilities. Because most devices run on the Linux operating system, vulnerabilities in Linux could lead to a compromise of the DoS device.

Back to main review: "Denial of service: Fighting back"

