Transcript Slide 1

1
NET 536
NETWORK SECURITY
Networks and
Communication
Department
Lab 1: TCP IP Attacks
DoS flood attack Question 1
In order to implement the classic DoS flood attack, the
attacker must generate a sufficiently large volume of packets
to exceed the capacity of the link to the target organization.
Consider an attack using ICMP echo request (ping) packets
that are 500 bytes in size (ignoring framing overhead).
How many of these packets per second must the attacker
send to flood a target organization using a 0.5-Mbps link?
How many per second if the attacker uses a 2-Mbps link?
Or a 10-Mbps link?
Answer
3
NOTE
1 byte (B) = 8 bits (b)
1 Kilobit (Kb) = 2^10= 1024 bits
1 Megabit (Mb) = 2^20=1,048,576 bits
1 Gigabit (Gb) = 2^30= 1,073,741,824 bits

18-Jul-15
Networks and Communication Department
Answer
4
To flood a bandwidth of W bits with packets of length P bits, the
attacker would need W/P packets.
1- For W=0.5 Mbit and P=500 byte=(500*8)=4000 bits
the attacker would need:
W/P= 0.5M/(500*8) = (0.5*2^20)/(4000)
= 131.072. That is, 132 packets per second.
18-Jul-15
Networks and Communication Department
Answer
5
2- For W=2 Mbit and the same P= 500 byte,
the attacker would need:
W/P=(2*2^20)/ (500*8)
=2097152/ 4000
=524.288 that is 525 packets per second
18-Jul-15
Networks and Communication Department
Answer
6
3- For W=10 Mbit and the same P= 500 byte, the
attacker would need:
W/P=(10*2^20)/ (500*8)
= 10485760/ 4000
=2621.44
that is 2622 packets per second..
18-Jul-15
Networks and Communication Department