
Dos Firewall

The document discusses denial of service (DoS) attacks and ping flood attacks. It defines DoS attacks as attempts to prevent legitimate users from accessing systems or resources. It describes different types of DoS attacks and methods such as consuming computational resources or disrupting network components. It then focuses on ping flood attacks, explaining how they work by overwhelming targets with ICMP echo requests to make them unavailable.

DoS attack

A DoS (Denial of Service) attack is an attack in which the primary goal is to deny
the victim(s) access to a particular resource.
A DoS attack aims at preventing authorized access to a system resource by legitimate
users, or at delaying system operations and functions. It is an attempt to make a
computer resource unavailable to its intended users.
Typically, the targets are high-profile web servers, where the attack aims to make the
hosted web pages unavailable on the Internet.

Methods of Attacks
A "denial-of-service" attack is characterized by an explicit attempt by attackers to prevent
legitimate users of a service from using that service.
Examples include:
• attempts to "flood" a network, thereby preventing legitimate network traffic.
• attempts to disrupt a server by sending more requests than it can possibly handle,
  thereby preventing access to a service.
• attempts to prevent a particular individual from accessing a service.
• attempts to disrupt service to a specific system or person.
A DoS attack can be perpetrated in several ways. There are three basic types of attack:
• consumption of computational resources, such as bandwidth, disk space, or CPU
  time.
• disruption of configuration information, such as routing information.
• disruption of physical network components.

• unusually slow network performance (opening files or accessing web sites).
• unavailability of a particular web site and inability to access any web site.
• dramatic increase in the number of spam emails received.

Ping flood Attack (ICMP attack)


What is a Ping (ICMP) flood attack?
A ping flood is a denial-of-service attack in which the attacker attempts to
overwhelm a targeted device with ICMP echo-request packets, causing the target
to become inaccessible to normal traffic. When the attack traffic comes from
multiple devices, the attack becomes a DDoS or distributed denial-of-service
attack.

How does a Ping flood attack work?


The Internet Control Message Protocol (ICMP), which is utilized in a Ping Flood
attack, is an internet layer protocol used by network devices to communicate. The
network diagnostic tools traceroute and ping both operate using ICMP.
Commonly, ICMP echo-request and echo-reply messages are used to ping a
network device for the purpose of diagnosing the health and connectivity of the
device and the connection between the sender and the device.

An ICMP request requires some server resources to process each request and to
send a response. The request also requires bandwidth on both the incoming
message (echo-request) and outgoing response (echo-reply). The Ping Flood
attack aims to overwhelm the targeted device’s ability to respond to the high
number of requests and/or overload the network connection with bogus traffic.
The damaging effect of a Ping Flood is directly proportional to the number of
requests made to the targeted server. Ping Flood attack traffic is symmetrical:
the amount of bandwidth the targeted device receives is simply the sum of the
total traffic sent from each bot.
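
Added example (not part of the original document): a packets-per-second threshold check run over constructed packet records. It counts echo-requests per destination, so traffic summed from several sources is flagged even when each source alone stays under the limit. The addresses, the 250 pps threshold and all function names are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

ICMP_ECHO_REQUEST = 8  # ICMP type number of an echo-request


def detect_icmp_flood(packets, threshold_pps, window=1.0):
    """Sliding-window rate check per destination.

    packets: iterable of (timestamp, src, dst, icmp_type), sorted by time.
    Returns one alert per destination, raised the first time its
    echo-request rate exceeds threshold_pps.
    """
    recent = defaultdict(deque)  # dst -> (timestamp, src) pairs inside the window
    alerted = set()
    alerts = []
    for ts, src, dst, icmp_type in packets:
        if icmp_type != ICMP_ECHO_REQUEST:
            continue  # echo-replies and other ICMP types are not counted
        q = recent[dst]
        q.append((ts, src))
        while q and q[0][0] <= ts - window:
            q.popleft()  # drop packets that have aged out of the window
        if len(q) > threshold_pps * window and dst not in alerted:
            alerted.add(dst)
            sources = {s for _, s in q}
            alerts.append({
                "time": round(ts, 3),
                "target": dst,
                "sources": len(sources),
                "kind": "DDoS" if len(sources) > 1 else "DoS",
            })
    return alerts


def build_sample():
    """Constructed traffic: a normal 1 pps ping, then three sources at 100 pps each."""
    target = "192.0.2.10"  # documentation-range address (assumption)
    pkts = [(float(t), "198.51.100.5", target, ICMP_ECHO_REQUEST) for t in range(5)]
    for i in range(100):
        for src in ("203.0.113.1", "203.0.113.2", "203.0.113.3"):
            pkts.append((10.0 + i * 0.01, src, target, ICMP_ECHO_REQUEST))
    return sorted(pkts)


SAMPLE = build_sample()

if __name__ == "__main__":
    for alert in detect_icmp_flood(SAMPLE, threshold_pps=250):
        print(alert)
```

Each constructed source sends only 100 pps, so a per-source limit of 250 pps would stay silent; the per-destination count reaches 300 pps and raises the alert.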

ICMP FLOOD ATTACK (LAB)

We are using Kali Linux as the attacker machine and our
firewall as the target machine. To start the ICMP flood, we
need to run the following command:

sudo hping3 --icmp --flood <target IP address>

Configure DoS policy and control it from GUI.


Go to Policy & Objects->IPv4 DoS Policy and 'Create New'.
Configure the given fields with the value based on the requirement to
match the traffic and control it.

This figure shows the system performance of the firewall before
the ICMP flood DoS attack.

This figure shows the attacker machine running the custom
hping3 in the terminal.

The picture below shows the network logs of the firewall during the ICMP
flood DoS attack.
