• Corpus ID: 7965014

Modeling DDoS Attacks with IP Spoofing and Hop-Count Defense Measure Using OPNET Modeler

@inproceedings{Akhter2013ModelingDA,
  title={Modeling DDoS Attacks with IP Spoofing and Hop-Count Defense Measure Using OPNET Modeler},
  author={Shahid Akhter and Jack Myers and Chris R. Bowen and Stephen Ferzetti and Patrick Belko and Vasil Hnatyshin},
  year={2013}
}
Distributed Denial of Service (DDoS) attacks continue to plague today's Internet. The variety and ingenuity of such attacks requires network security analysts to perpetually develop more robust forms of attack identification and prevention. UDP flood is one of the simplest to deploy DDoS attacks. It is based on the idea of overwhelming the receiver with a huge amount of traffic causing congestion and preventing legitimate services. Such attacks are often launched together with IP spoofing which… 

Figures from this paper

Securing internet by eliminating DDOS attacks

An Inter domain Packet Filter architecture to overcome the IP Spoofing level on the Internet is proposed and the spoofing capability of attackers is confined by IPF, and the filter identifies the source of an attack packet by minimal number of candidate network.

An intrusion detection system against UDP flood attack and ping of death attack (DDOS) in MANET

DDoS is one of the serious attacks in the ad hoc network and efficient intrusion detection (IDS) system is required to monitor the network continuously, keeping track of malicious activities and policy violations and produce report to the network administrator.

DoS and DDoS Attacks at OSI Layers

It is explained how different types of attacks can be implemented and launched from different OSI model layers and provides a better understanding of these increasing occurrences in order to improve efficient countermeasures.

An Improved Strategy for Detection and Prevention IP Spoofing Attack

UHCF: Updated Hop Count Filter Using TTL Probing and Varying Threshold for Spoofed Packet Separation

This paper proposes a novel Updated Hop Count Filtering (UHCF) mechanism using probing and variable threshold for accurately measuring the affected packets from the normal traffic to prove its authenticity and accuracy.

Wireless Network Behaviour during Jamming Attacks: Simulation using OPNET

The results showed that the investigated jamming attacks can cause severe performance degradation into wireless networks and jamming attack is successfully avoided by using channel switching technique.

References

SHOWING 1-10 OF 11 REFERENCES

Hop-count filtering: an effective defense against spoofed DDoS traffic

Hop-Count Filtering (HCF) can identify close to 90% of spoofed IP packets, and then discard them with little collateral damage, and is implemented and evaluated in the Linux kernel, demonstrating its benefits using experimental measurements.

Pi: a path identification mechanism to defend against DDoS attacks

Pi (short for path identifier), a new packet marking approach in which a path fingerprint is embedded in each packet, enabling a victim to identify packets traversing the same paths through the Internet on a per packet basis, regardless of source IP address spoofing.

Internet Denial of Service Attacks and Defense Mechanisms

This article presents an in-depth study of the denial of service problem in the Internet, and provides a comprehensive survey of attacks and their countermeasures.

TCP SYN Flooding Attacks and Common Mitigations

This document describes TCP SYN flooding attacks, which have been well-known to the community for several years. Various countermeasures against these attacks, and the trade-offs of each, are

On a New Type of Denial of Service Attack in Wireless Networks: The Distributed Jammer Network

This paper demonstrates that DJN can cause a phase transition in the performance of the target network, and employs percolation theory to explain such phase transition, and analyzes the impact of DJN on the connectivity of thetarget network, as well as providing scaling analysis of the jamming performance in relation to the jammer node density with the power density constraint.

Piratebay Servers Down Due to DDoS http://zerosecurity.org/piracy/piratebay-servers-down-due-to-ddos

  • Piratebay Servers Down Due to DDoS http://zerosecurity.org/piracy/piratebay-servers-down-due-to-ddos

Apache Exploit Leaves P to 65% of All Websites Vulnerable http://nakedsecurity.sophos.com/2011/08/26/apache- exploit-leaves-up-to-65-of-all-websites-vulnerable

  • Apache Exploit Leaves P to 65% of All Websites Vulnerable http://nakedsecurity.sophos.com/2011/08/26/apache- exploit-leaves-up-to-65-of-all-websites-vulnerable

Understanding Denial-of-Service Attacks, http://www.uscert .gov/ncas/tips/ST04-015, last accessed 3

  • Understanding Denial-of-Service Attacks, http://www.uscert .gov/ncas/tips/ST04-015, last accessed 3

CERT® Advisory CA-1996-01 UDP Port Denial-of-Service Attack

  • CERT® Advisory CA-1996-01 UDP Port Denial-of-Service Attack
  • 2013

Apache Exploit Leaves P to 65% of All Websites Vulnerable

  • http://nakedsecurity.sophos.com/2011/08/26/apacheexploit-leaves-up-to-65-of-all-websites-vulnerable/, last accessed 4/18/13
  • 2011