Running Head: Security Attack On Systems and Web Servers 1
Author’s Name
School of Affiliation
Date
This is an attack launched by a malicious user that makes a resource unavailable to its users. It is achieved by flooding the target URL with more requests than the server can handle. Traffic to the affected site becomes slower than normal or is interrupted completely. A denial of service takes place when the legitimate users of a web service or resource are denied access and use (Qin et al. 2018). The attack affects individual or organizational email, websites, and online accounts in the banking sector.
The most common existing type of denial of service attack is the Smurf attack, in which Internet Control Message Protocol (ICMP) packets with spoofed IP addresses are sent to multiple hosts in the network. The responses are made to the spoofed IP addresses, so the target host is flooded, initiating a denial of service. The SYN flood attack, another form of denial of service attack, occurs when an attacker sends connection requests to the server but the connections cannot complete because the three-way handshake is never finished. The incomplete handshake leaves a port in an unconnected state and unavailable for requests. The packets keep coming until the ports are saturated; hence legitimate users
This type of attack is a denial of service attack that comes from multiple sources affecting the same target. A DDoS attack may originate from numerous zombie machines connected to the internet. The attacker uses a botnet, machines controlled remotely, to launch attacks on the internet. The attack is made from multiple sources and coordinated from a centralized place (Jamal et al. 2018). There exist many botnets worldwide. The attacker only needs to infect one with malicious software that corrupts its data and alters its normal functioning in the network after infection. For instance, a malicious user may be hired to cripple a competing or rival company in the market by launching a denial of service attack. Discussed below are the three types (volumetric,
This attack is also known as a layer 7 attack. The malicious users launching it aim to exhaust the target's resources, thereby creating a denial of service. The DoS attack specifically targets the application layer, where web pages are created and delivered to the client in response to an HTTP request. To serve an HTTP request, the server loads multiple files and runs the database queries needed to create the web page. Once the page is created, the response is sent back to the client (Mahjabin et al. 2017). The attack is difficult to detect and prevent because it is hard to tell legitimate traffic from malicious traffic. Numerous HTTP requests from multiple clients, both legitimate and malicious, cause traffic on the web pages, thereby slowing down the
The attack targets web-based applications, web servers, and web application platforms. The attacker causes the server to crash, making the applications that use the server difficult to access. The attacker exploits vulnerabilities exposed by the user or found by the attacker in the application. The attack focuses on the underlying business logic or on abusing HTTPS or SNMP in the network. The attack's success is enhanced because it uses less bandwidth; its network traffic shows up at a slower rate than that of other attacks, making its detection difficult. An attack launched on a system is measured in terms of requests
● HTTP flood
attack the web server or web-based application. The attack uses less bandwidth on the target host
to remain undetected. The attacker makes sure that the web-based application server uses
attack.
b. Protocol attacks
The attack is launched by a malicious user to over-consume the available server resources or the resources of load balancers and network firewalls, thereby leading to a denial of service (Yadav et al. 2016). The attack is also called state exhaustion, as it causes a complete disruption of the server functionality. The attack targets the OSI model's network layer and transport layer, layers 3 and 4. The attack is portrayed using the
The attack exploits the TCP handshake, by which computers in a network initiate communication, by sending the target a number of TCP connection requests with spoofed source IP addresses. A client sends an HTTP request, and before the server can confirm it, more requests come in until the server is overwhelmed and its resources are depleted. The denial of service occurs when the target machine sends responses to the clients that made connection requests and waits for the final handshake step, which never comes, leading to exhaustion of target machine resources
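The half-open state described above can be tracked from the defender's side. The following is an added example, not part of the original paper: it shows the bookkeeping a server-side monitor can use to count handshakes that never receive the final ACK and to flush them by timeout or once a configured threshold is reached. The class name, the threshold and timeout values, and the sample events are assumptions constructed for illustration.

```python
from collections import OrderedDict

class HalfOpenTracker:
    """Tracks TCP handshakes that have sent SYN but not yet the final ACK."""

    def __init__(self, threshold, timeout):
        self.threshold = threshold    # assumed limit on pending handshakes
        self.timeout = timeout        # assumed seconds a handshake may stay pending
        self.pending = OrderedDict()  # (src_ip, src_port, dst_port) -> time SYN was seen
        self.established = 0
        self.flushed = 0
        self.alerts = []              # times at which the threshold was reached

    def _flush_expired(self, now):
        # Entries are inserted in time order, so the oldest is always first.
        while self.pending:
            key, seen = next(iter(self.pending.items()))
            if now - seen < self.timeout:
                break
            del self.pending[key]
            self.flushed += 1

    def feed(self, ts, src_ip, src_port, dst_port, flag):
        key = (src_ip, src_port, dst_port)
        self._flush_expired(ts)
        if flag == "SYN" and key not in self.pending:
            if len(self.pending) >= self.threshold:
                # Table is full: record an alert and flush the oldest half-open entry.
                self.alerts.append(ts)
                self.pending.popitem(last=False)
                self.flushed += 1
            self.pending[key] = ts
        elif flag == "ACK" and key in self.pending:
            del self.pending[key]     # final handshake step arrived
            self.established += 1

# Constructed sample: three clients that finish the handshake, and eight
# SYN-only packets from spoofed sources (documentation address ranges).
EVENTS = [(0.0, "192.0.2.10", 40000, 443, "SYN"), (0.1, "192.0.2.10", 40000, 443, "ACK")]
EVENTS += [(1.0 + i / 100, f"198.51.100.{i + 1}", 1024 + i, 443, "SYN") for i in range(8)]
EVENTS += [(1.2, "192.0.2.11", 40001, 443, "SYN"), (1.3, "192.0.2.11", 40001, 443, "ACK"),
           (5.0, "192.0.2.12", 40002, 443, "SYN"), (5.1, "192.0.2.12", 40002, 443, "ACK")]

def run_sample(threshold=5, timeout=3.0):
    tracker = HalfOpenTracker(threshold, timeout)
    for event in EVENTS:
        tracker.feed(*event)
    return tracker
```

Flushing the oldest entry keeps the table bounded, but a legitimate client whose final ACK arrives slowly can be flushed along with the spoofed entries, so the threshold and timeout need tuning against normal traffic.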
The attacker sends malicious pings to the target host. There is a limit on the packets sent at the data link layer. A larger IP packet is split into multiple IP packets, which the recipient host reassembles into the complete packet (Yihunie et al. 2018). The attacker maliciously fragments the content so that the host ends up with a larger IP packet on reassembly. The result is an overflow of the memory buffer allocated to the packet. The attack
c. Volumetric attacks
In launching this attack, the malicious user consumes all the available bandwidth between the target machine and the larger internet, thereby causing high-level congestion in the network (Larson & D, 2016). The attack works by transmitting large amounts of data to an identified target, using the application as the basic form or using other manipulative ways of creating massive traffic in the network, such as requests sent from a botnet. The attacker uses
● ICMP floods
The attack focuses on overwhelming the target, say a server, with ICMP Echo requests (ping packets). The botnet controlled by the attacker sends the packets rapidly without waiting for replies. The attack consumes both incoming and outgoing bandwidth, since the targeted server will try to respond to the ping packets, resulting in
● UDP floods
The attack focuses on flooding the target with User Datagram Protocol (UDP) packets so that random ports on the remote host are flooded. The host continuously checks for an application listening at that port and, finding none, replies with an ICMP destination unreachable packet, thereby sapping the
The attacker sends multiple requests to an available Domain Name Server using a spoofed IP address in the network. The target, the owner of the spoofed IP address, receives the server's replies to these requests, and the sheer number of requests sent leads to congestion, causing a denial of service (Costa et al. 2016).
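From the victim's side, the reflected traffic described above shows up as DNS responses that answer no query the victim ever sent. The following is an added example, not part of the original paper: it matches inbound responses against outbound queries and totals the unmatched ones per resolver. The function name, record layout, `max_wait` value and sample packets are assumptions constructed for illustration.

```python
from collections import defaultdict

def find_unsolicited_responses(packets, max_wait=2.0):
    """Return {resolver_ip: (count, bytes)} for DNS responses matching no query we sent.

    packets: iterable of (ts, kind, resolver_ip, txid, size) seen at the victim's
    network edge, where kind is "query" (outbound) or "response" (inbound).
    """
    outstanding = {}                          # (resolver_ip, txid) -> time query was sent
    unsolicited = defaultdict(lambda: [0, 0])
    for ts, kind, resolver, txid, size in packets:
        key = (resolver, txid)
        if kind == "query":
            outstanding[key] = ts
            continue
        sent = outstanding.pop(key, None)
        if sent is None or ts - sent > max_wait:
            # No matching query from this network: consistent with a reply to a
            # request that carried our address as a spoofed source.
            unsolicited[resolver][0] += 1
            unsolicited[resolver][1] += size
    return {ip: tuple(totals) for ip, totals in unsolicited.items()}

# Constructed sample (documentation address ranges): one genuine lookup,
# then four large responses that nothing on this network requested.
SAMPLE_PACKETS = [
    (0.00, "query",    "192.0.2.53",    0x1A2B, 60),
    (0.02, "response", "192.0.2.53",    0x1A2B, 120),
    (1.00, "response", "198.51.100.53", 7,      3000),
    (1.01, "response", "198.51.100.53", 8,      3000),
    (1.02, "response", "203.0.113.53",  9,      2800),
    (1.03, "response", "192.0.2.53",    0x1A2B, 3000),  # transaction ID already answered
]

def summarize_sample():
    return find_unsolicited_responses(SAMPLE_PACKETS)
```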
● Use of anti-DDoS software modules and hardware: load balancers are used and software modules are added to the different web servers to prevent DDoS. Closely monitoring incomplete connections and flushing them out once their number reaches a configured threshold value is the best preventive measure against DDoS.
● Configuring the hardware in the network against DDoS attacks will reduce malicious activity on the network. Small changes, like configuring the firewall to drop requests