Running Head: Security Attack On Systems and Web Servers 1


Security Attack on Systems and Web Servers

Author’s Name

School of Affiliation

Date

1. Denial of Service (DOS)

This is an attack launched by a malicious user that makes a resource unavailable to its users. It is achieved by flooding the target URL with more requests than the server can handle, so that access to the affected site slows down or is interrupted completely. A denial of service takes place when the legitimate users of a web service or resource are denied access to and use of it (Qin et al. 2018). The attack affects the email, websites, and online banking accounts of individuals and organizations.

The most common type of denial of service attack is the Smurf attack, in which Internet Control Message Protocol (ICMP) packets are sent to multiple hosts in the network using a spoofed source IP address. The hosts reply to the spoofed address, so the target host is flooded with responses and experiences a denial of service. The SYN flood is another form of denial of service attack: the attacker sends connection requests to the server, but the connections never complete because the three-way handshake is never finished. Each incomplete handshake leaves a port in a half-open state, unavailable for other requests. As the attacker keeps sending packets the ports become saturated, legitimate users cannot connect, and the result is a DOS.

2. Distributed Denial of Service Attack (DDOS)

This is essentially a denial of service attack, but one that comes from multiple sources targeting the same victim. A DDOS attack may originate from numerous zombie machines connected to the internet. The attacker uses a botnet, a set of machines controlled remotely, to launch attacks over the internet. The attack comes from multiple sources, but it is coordinated from a centralized place (Jamal et al. 2018). Many botnets exist worldwide. The attacker only needs to infect a machine with malicious software that corrupts its data and alters its normal functioning in the network. For instance, a malicious user may be hired to cripple a competitor or rival company in the market by launching a denial of service attack against it. The three types of DDOS attack (volumetric, protocol, and application-layer attacks) are discussed below.

Types of Distributed Denial of Service Attack

a. The Application Layer Attack

This attack is also known as a layer 7 attack. The malicious users launching it aim to exhaust the target's resources, thereby creating a denial of service. The attack specifically targets the application layer, where web pages are created and delivered to the client in response to an HTTP request. To serve an HTTP request, the server loads multiple files and runs the database queries needed to build the web page, and then returns the page to the client (Mahjabin et al. 2017). The attack is difficult to detect and prevent, because it is hard to distinguish legitimate traffic from malicious traffic. Numerous HTTP requests from multiple clients, both legitimate and malicious, create traffic to the web pages, slowing down the process or interrupting it completely and hence causing a denial of service.

The attack targets web-based applications, web servers, and web application platforms. The attacker makes the server crash, so the applications that use the server become difficult to access. The attacker exploits vulnerabilities exposed by the user or found by the attacker in the application, abusing the application's business logic or protocols such as HTTPS or SNMP in the network. The attack's success is enhanced by its low bandwidth use: the traffic it generates is small compared to other attacks, which makes it difficult to detect. The size of an attack on a system is measured in requests per second sent to the server.

● HTTP flood

An HTTP flood exploits legitimate-looking HTTP POST or GET requests in an attempt to attack the web server or web-based application. The attack uses little bandwidth on the target host in order to remain undetected. The attacker makes sure that the web application server uses the maximum resources when responding to each single request, causing a denial of service.
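As an added illustration of the requests-per-second measure used above (this code is not part of the original paper), the following Python script parses constructed web-server access-log lines and flags any source that exceeds a threshold of requests inside a sliding time window; the log format, threshold, window and sample addresses are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Matches Common Log Format: ip ident user [timestamp] "request" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\d+|-)$')

def parse_line(line):
    """Parse one access-log line into (source_ip, epoch_seconds, request) or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z").timestamp()
    return m.group(1), ts, m.group(3)

def detect_http_flood(lines, threshold=20, window=10.0):
    """Flag any source that sends more than `threshold` requests inside a sliding
    `window` of seconds. Returns {source_ip: epoch at which it was first flagged}."""
    recent = defaultdict(deque)   # source_ip -> timestamps still inside the window
    flagged = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue                 # skip malformed lines rather than crash
        ip, ts, _ = parsed
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()              # drop requests that fell out of the window
        if len(q) > threshold and ip not in flagged:
            flagged[ip] = ts
    return flagged

def make_sample_log():
    """Constructed sample traffic (not real logs): one source hammering /search
    with 30 requests in three seconds, one source browsing normally."""
    stamp = "[10/Oct/2020:13:55:%02d +0000]"
    lines = [f'203.0.113.7 - - {stamp % (36 + i // 10)} "GET /search?q={i} HTTP/1.1" 200 2048'
             for i in range(30)]
    lines += [f'198.51.100.4 - - {stamp % (36 + i)} "GET /page{i}.html HTTP/1.1" 200 512'
              for i in range(3)]
    return lines

if __name__ == "__main__":
    for ip, when in detect_http_flood(make_sample_log()).items():
        print(f"possible HTTP flood from {ip} (first flagged at epoch {when:.0f})")
```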

b. Protocol attacks

This attack is launched by a malicious user to over-consume the available server resources, or the resources of load balancers and network firewalls, thereby leading to a denial of service (Yadav et al. 2016). The attack is also called state exhaustion, as it causes a complete disruption of the server's functionality. It targets the network and transport layers of the OSI model, layers 3 and 4. The SYN flood attack is the typical example.

● SYN flood attack

This attack abuses the TCP handshake with which computers in a network initiate communication. The attacker sends the target a large number of TCP connection requests with spoofed source IP addresses. The target machine sends a response to each connection request and waits for the final step of the handshake, which never comes. Before the server has confirmed one connection, more requests keep arriving until it is overwhelmed and its resources are depleted, causing a denial of service (Zeebaree et al. 2020).



● Ping of death attack

The attacker sends malicious pings to the target host. There is a limit on the size of packets that can be sent at the data link layer, so a larger IP packet is split into multiple IP fragments, which the recipient host must reassemble to complete the packet (Yihunie et al. 2018). The attacker maliciously crafts the fragments so that the host ends up with an oversized IP packet on reassembly. The result overflows the memory buffer allocated to the packet, and legitimate packets then suffer a denial of service.
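An added example, not from the paper, of the reassembly check a host needs against this attack: it builds constructed IPv4 fragments in memory and runs them through a reassembler that rejects any fragment whose offset plus length would exceed the 65535-byte maximum instead of writing past its buffer. The header fields and addresses are constructed values, and nothing is sent on the wire.

```python
import struct

IPV4_MAX_LEN = 65535        # the IPv4 total-length field is 16 bits, so no datagram can be larger
MORE_FRAGMENTS = 0x2000     # MF bit inside the 16-bit flags/fragment-offset field
OFFSET_MASK = 0x1FFF        # 13-bit fragment offset, counted in 8-byte units

def build_fragment(ident, offset_units, more, payload):
    """Constructed test data: a minimal 20-byte IPv4 header (no options) plus payload."""
    flags_frag = (MORE_FRAGMENTS if more else 0) | (offset_units & OFFSET_MASK)
    header = struct.pack("!BBHHHBBH4s4s",
                         0x45, 0, 20 + len(payload), ident, flags_frag,
                         64, 1, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return header + payload

class SafeReassembler:
    """Reassembles fragments per datagram id into a fixed 64 KiB buffer and rejects any
    fragment whose end offset would exceed that buffer instead of overflowing it."""
    def __init__(self):
        self.buffers = {}   # ident -> bytearray(IPV4_MAX_LEN)

    def add(self, packet):
        ihl = (packet[0] & 0x0F) * 4                       # header length in bytes
        ident, flags_frag = struct.unpack("!HH", packet[4:8])
        offset = (flags_frag & OFFSET_MASK) * 8            # byte offset of this fragment
        payload = packet[ihl:]
        end = offset + len(payload)
        if end > IPV4_MAX_LEN:
            return "rejected"       # offset + length does not fit in any legal datagram
        buf = self.buffers.setdefault(ident, bytearray(IPV4_MAX_LEN))
        buf[offset:end] = payload
        return "accepted"

def demo():
    """Feed one ordinary first fragment and one fragment that would reassemble past 65535 bytes."""
    r = SafeReassembler()
    legit = build_fragment(ident=1, offset_units=0, more=True, payload=b"A" * 1480)
    oversized = build_fragment(ident=2, offset_units=8189, more=False, payload=b"B" * 100)
    return r.add(legit), r.add(oversized)

if __name__ == "__main__":
    print(demo())
```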

c. Volumetric attacks

A malicious user launching this attack consumes all the available bandwidth between the target machine and the wider internet, thereby causing heavy congestion in the network (Larson & D, 2016). The attack is based on transmitting large amounts of data to an identified target, using an application as the basic vehicle or other means of creating massive traffic in the network, such as requests sent from a botnet. The attacker uses DNS amplification as one way to cause a denial of service to users.

● ICMP floods

This attack focuses on overwhelming the target, say a server, with ICMP Echo requests, or ping packets. The botnet controlled by the attacker sends the packets as fast as it can without waiting for any response. The attack consumes both incoming and outgoing bandwidth, since the targeted server tries to respond to every ping packet, slowing down the server or interrupting it completely.

● UDP floods

This attack floods random ports on the remote host with User Datagram Protocol (UDP) packets. For each packet, the host checks for an application listening on that port and, finding none, replies with an ICMP Destination Unreachable packet, which saps its resources and makes the service inaccessible on the network.

● Domain Name Server amplification

The attacker sends multiple requests to an available Domain Name Server using a spoofed source IP address, that of the target. The server sends its responses to the owner of the spoofed IP address, so the target is congested by the numerous responses, causing a denial of service (Costa et al. 2016).

Prevention of DDOS attack

● Purchasing more bandwidth to make the network infrastructure resistant to the spikes in traffic caused by malicious user activity.

● Using anti-DDOS software modules and hardware where load balancers are used, and adding software modules to the different web servers to prevent DDoS. Closely monitoring incomplete connections and flushing them out when their number reaches a configured threshold is the best preventive measure against DDOS.

● Configuring the network hardware against DDOS attacks reduces malicious activity on the network. Even small changes help, such as configuring the firewall to drop requests made to the DNS server from outside the network.
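As an added example (not from the paper) of the half-open connection monitoring described in the second bullet, and of the SYN flood behaviour described under protocol attacks, the Python below keeps a table of handshakes still awaiting their final ACK, expires stale ones, and flushes the oldest whenever a configured threshold is exceeded; the event format, thresholds and addresses are assumptions.

```python
from collections import OrderedDict

class HalfOpenTable:
    """Tracks TCP connections for which a SYN was seen but the final ACK has not arrived.
    Entries older than `timeout` expire; when more than `max_half_open` remain, the oldest
    is flushed and an alert raised. Assumed events: (time_seconds, src_ip, src_port, flag)."""
    def __init__(self, max_half_open=100, timeout=30.0):
        self.max_half_open = max_half_open
        self.timeout = timeout
        self.pending = OrderedDict()   # (src_ip, src_port) -> time SYN was seen, oldest first
        self.established = 0
        self.flushed = 0
        self.alerts = []

    def _expire(self, now):
        """Drop half-open entries whose handshake has waited longer than the timeout."""
        while self.pending:
            _, seen = next(iter(self.pending.items()))
            if now - seen <= self.timeout:
                break
            self.pending.popitem(last=False)
            self.flushed += 1

    def process(self, event):
        now, ip, port, flag = event
        self._expire(now)
        key = (ip, port)
        if flag == "SYN":
            self.pending[key] = now
            self.pending.move_to_end(key)
            if len(self.pending) > self.max_half_open:
                self.pending.popitem(last=False)   # flush the oldest half-open connection
                self.flushed += 1
                self.alerts.append((now, "half-open connection threshold exceeded"))
        elif flag == "ACK" and key in self.pending:
            del self.pending[key]                  # handshake completed normally
            self.established += 1

def run_demo():
    """Constructed trace: one client finishes its handshake, then 200 SYNs from spoofed
    sources arrive within two seconds and none of them is ever followed by an ACK."""
    table = HalfOpenTable(max_half_open=50)
    events = [(0.0, "198.51.100.4", 40000, "SYN"), (0.1, "198.51.100.4", 40000, "ACK")]
    events += [(1.0 + i * 0.01, f"203.0.113.{i % 256}", 1024 + i, "SYN") for i in range(200)]
    for ev in events:
        table.process(ev)
    return table
```

Running `run_demo()` leaves one established connection, 50 half-open entries, and 150 flushed entries with a matching number of alerts.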
