
    TCP-SYN Flooding Attack in Wireless Networks

    This paper concerns the TCP (Transmission Control Protocol) vulnerability that gives room for a DoS (Denial of Service) attack called TCP-SYN flooding, which has been well known to the community for several years. The paper demonstrates this attack in wireless as well as wired networks using a Perl synflood script, the Wireshark network analyzer, a Windows Server 2008 machine, and the OPNET simulation environment. Using these tools, the effects of the attack are shown. Finally, some effective practical mitigation techniques against SYN flooding for Linux and Windows systems are explained.

    DDoS-Capable IoT Malwares: comparative analysis and Mirai Investigation

    The Internet of Things (IoT) revolution has not only carried the astonishing promise to interconnect a whole generation of traditionally "dumb" devices, but also brought to the Internet the menace of billions of badly protected and easily hackable objects. Not surprisingly, this sudden flood of fresh and insecure devices fueled older threats, such as Distributed Denial of Service (DDoS) attacks. In this paper, we first propose an updated and comprehensive taxonomy of DDoS attacks, together with a number of examples of how this classification maps to real-world attacks. Then, we outline the current situation of DDoS-enabled malware in IoT networks, highlighting how recent data support our concerns about the growing popularity of this malware. Finally, we give a detailed analysis of the general framework and the operating principles of Mirai, the most disruptive DDoS-capable IoT malware seen so far.

    Real-time cross-layer design for large-scale flood detection and attack trace-back mechanism in IEEE 802.11 wireless mesh networks

    IEEE 802.11 WMN is an emerging next-generation low-cost multi-hop wireless broadband provisioning technology. It has the capability of integrating wired and wireless networks such as LANs, IEEE 802.11 WLANs, IEEE 802.16 WMANs, and sensor networks. This kind of integration (large-scale coverage, a decentralised multi-hop architecture, multiple radios, multi-channel assignment, and ad hoc connectivity that gives users maximum freedom to join or leave the network from anywhere and at any time) has made the situation far more complex. As a result, broadband resources are exposed to various kinds of security attacks, particularly DoS attacks.

    Adaptive Response System for Distributed Denial-of-Service Attacks

    The continued prevalence and severe damaging effects of Distributed Denial of Service (DDoS) attacks in today's Internet raise growing security concerns and call for an immediate response to come up with better solutions to tackle DDoS attacks. Current DDoS prevention mechanisms are usually inflexible, and determined attackers with knowledge of these mechanisms can work around them. Most existing detection and response mechanisms are standalone systems which do not rely on adaptive updates to mitigate attacks. As different responses vary in their "leniency" in treating detected attack traffic, there is a need for an Adaptive Response System. We designed and implemented our DDoS Adaptive ResponsE (DARE) System, a distributed DDoS mitigation system capable of executing appropriate detection and mitigation responses automatically and adaptively according to the attacks. It supports easy integration of both signature-based and anomaly-based detection modules. Additionally, the design of DARE's individual components takes into consideration the strengths and weaknesses of existing defence mechanisms, and the characteristics and possible future mutations of DDoS attacks. These components consist of an Enhanced TCP SYN Attack Detector and Bloom-based Filter, a DDoS Flooding Attack Detector and Flow Identifier, and a Non-Intrusive IP Traceback mechanism. The components work together interactively to adapt the detections and responses in accordance with the attack types. Experiments conducted on DARE show that attack detection and mitigation are completed within seconds, with about 60% to 86% of the attack traffic being dropped, while availability for legitimate and new legitimate requests is maintained. DARE is able to detect and trigger appropriate responses in accordance with the attacks being launched with high accuracy, effectiveness and efficiency.
    We also designed and implemented a Traffic Redirection Attack Protection System (TRAPS), a stand-alone DDoS attack detection and mitigation system for IPv6 networks. In TRAPS, the victim under attack verifies the authenticity of the source by performing virtual relocations to differentiate the legitimate traffic from the attack traffic. TRAPS requires minimal deployment effort and does not require modifications to the Internet infrastructure due to its incorporation of the Mobile IPv6 protocol. Experiments to test the feasibility of TRAPS were carried out in a testbed environment to verify that it would work with the existing Mobile IPv6 implementation. It was observed that the operations of each module were functioning correctly and that TRAPS was able to successfully mitigate an attack launched with spoofed source IP addresses.

    Denial of Service in Voice Over IP Networks

    In this paper we investigate denial of service (DoS) vulnerabilities in Voice over IP (VoIP) systems, focusing on the ITU-T H.323 family of protocols. We provide a simple characterisation of DoS attacks that allows us to readily identify DoS issues in H.323 protocols. We also discuss network-layer DoS vulnerabilities that affect VoIP systems. A number of improvements and further research directions are proposed.

    Analysis of the SYN Flood DoS Attack

    The paper analyzes the system vulnerability targeted by TCP (Transmission Control Protocol) segments with the SYN flag set, which gives room for a DoS (Denial of Service) attack called a SYN flooding attack, or more often referred to as a SYN flood attack. The effects of this type of attack are analyzed and presented in the OPNET simulation environment. Furthermore, the paper presents two anomaly detection algorithms as an effective mechanism against this type of attack. Finally, practical approaches against the SYN flood attack for Linux and Windows environments are shown.
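    The two SYN flood entries above (the wireless/wired study and this analysis) describe the attack and mention anomaly detection as a defence, but none of the abstracts shows what such a detector looks at. The block below is an added example, not code from any of the listed papers and not their algorithms: it tracks TCP handshake state per (client, server) pair over a constructed packet trace and alerts per server when, within a sliding window, the number of half-open connections or the fraction of SYNs that never completed crosses a threshold. The trace format (`ts src dst flags`), the addresses, and the thresholds are assumptions chosen for illustration.

```python
"""Half-open-connection SYN flood detector over a constructed packet trace.

Added example (not code from any paper listed on this page).  A TCP
connection is half-open from the client's SYN until the client's ACK
completes the handshake or a RST tears it down.  A SYN flood shows up as a
growing pool of half-open entries whose SYNs never complete, so we track
handshake state per (client, server) pair and alert per server when, inside
a sliding window, the half-open count or the fraction of SYNs that never
completed crosses a threshold.  Trace format and thresholds are assumed.
"""
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    ts: float   # seconds since trace start
    src: str
    dst: str
    flags: str  # "S" = SYN, "SA" = SYN-ACK, "A" = ACK, "R" = RST


def parse_trace(lines):
    """Parse constructed 'ts src dst flags' records, skipping blanks/comments."""
    packets = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, flags = line.split()
        packets.append(Packet(float(ts), src, dst, flags))
    return packets


def detect_syn_flood(packets, window=2.0, min_syns=20,
                     max_half_open=50, max_fail_ratio=0.8):
    """Return one alert per server as (ts, server, half_open, fail_ratio).

    pending holds half-open handshakes keyed by (client, server); a SYN older
    than `window` is dropped from pending the way a stack times it out.
    fail_ratio is half_open / SYNs seen in the window, so a busy server whose
    handshakes complete stays low while a flood of spoofed SYNs that never
    complete drives it towards 1.0.
    """
    pending = {}                      # (client, server) -> SYN timestamp
    recent_syns = defaultdict(deque)  # server -> timestamps of recent SYNs
    alerts, alerted = [], set()

    for p in packets:
        key = (p.src, p.dst)
        if p.flags == "S":
            pending[key] = p.ts
            recent_syns[p.dst].append(p.ts)
        elif p.flags in ("A", "R") and key in pending:
            del pending[key]          # handshake completed or torn down
        else:
            continue                  # SYN-ACKs, data, stray ACKs: ignored
        server = p.dst

        # Slide the window: forget old SYNs, time out stale half-open entries.
        syns = recent_syns[server]
        while syns and p.ts - syns[0] > window:
            syns.popleft()
        stale = [k for k, t in pending.items()
                 if k[1] == server and p.ts - t > window]
        for k in stale:
            del pending[k]

        half_open = sum(1 for k in pending if k[1] == server)
        n_syn = len(syns)
        fail_ratio = half_open / n_syn if n_syn else 0.0
        if (server not in alerted and n_syn >= min_syns
                and (half_open >= max_half_open
                     or fail_ratio >= max_fail_ratio)):
            alerted.add(server)
            alerts.append((p.ts, server, half_open, fail_ratio))
    return alerts


def build_trace(flood_syns):
    """Constructed trace: 10 legitimate handshakes, then spoofed SYNs only."""
    server = "10.0.0.5"
    lines = ["# ts src dst flags"]
    for i in range(10):  # legitimate clients complete the three-way handshake
        c, t = f"192.168.1.{i + 1}", i * 0.1
        lines += [f"{t:.3f} {c} {server} S",
                  f"{t + 0.01:.3f} {server} {c} SA",
                  f"{t + 0.02:.3f} {c} {server} A"]
    for i in range(flood_syns):  # spoofed sources never answer the SYN-ACK
        t, c = 1.0 + i * 0.01, f"203.0.113.{i % 254 + 1}"
        lines += [f"{t:.3f} {c} {server} S",
                  f"{t + 0.001:.3f} {server} {c} SA"]
    return lines


if __name__ == "__main__":
    for n in (0, 60):
        print(f"flood SYNs={n}: {detect_syn_flood(parse_trace(build_trace(n)))}")
```

    With the constructed trace the legitimate-only run produces no alert, while the 60-SYN flood is flagged after the 40th spoofed SYN, when 40 of the 50 SYNs in the window are still half-open. The detector only observes; the mitigation side the abstracts refer to on Linux is the kernel's SYN-cookie mode (`net.ipv4.tcp_syncookies`), which lets the server answer SYNs without keeping per-connection state for them.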

    Security Analysis of a Blockchain Network

    Blockchains have gained popularity due to their versatility and wide range of applications. A blockchain is a decentralized data structure guaranteeing integrity and non-repudiation of data; we use this to secure provenance metadata. A blockchain can be seen as a distributed database, or a public ledger of transactions or digital events that have occurred and have been shared among participating parties. A consensus is required to verify each transaction. Blockchains are finding use in cryptocurrencies, academics, clinical trials, healthcare and agriculture. However, like other networks, we need to verify the robustness and availability of blockchain networks. In this thesis, we leverage existing Denial of Service and Distributed Denial of Service [D/DoS] attacks as a tool to evaluate our proposed blockchain technology, Scrybe, for robustness. First, we check its performance in the presence of Transmission Control Protocol [TCP]-based flooding attacks such as SYN flooding and its variants. We also optimize TCP kernel parameters to improve the utility of SYN cookies as a measure against SYN floods. Second, we evaluate malicious miner attempts to exclude client transactions by stalling the mining process and verify that consensus is reached as long as there is at least one honest miner in the network. The underlying algorithm of Scrybe is our novel Lightweight Mining [LWM] algorithm. Our technology guarantees the properties of data integrity and non-repudiation with minimal resource requirements. It introduces a way to mine new blocks in the blockchain that is not the resource-hungry Proof-of-Work [PoW] required in many present-day cryptocurrency applications.