
SECTION ONE

1.0 INTRODUCTION
SIWES (Student Industrial Work Experience Scheme) was set up to equip
undergraduates with industrial skills. It requires students to dedicate a particular
portion of their academic pursuit to engaging with industries in their industrial
operations.

Brief History of SIWES

The Student Industrial Work Experience Scheme (SIWES) was established in
1973/74 and was solely funded by the Industrial Training Fund (ITF). Its objective
was to equip students of higher institutions around the federation with practical
skills and to expose them to challenges they will possibly face when they
eventually become graduates. Before the establishment of the scheme, there was a
growing concern among industrialists that graduates from the nation’s higher
institutions lacked adequate practical skills necessary for employment into
industries and that the theoretical aspects of various disciplines learnt in the higher
institutions were not adequate. It was for this reason that the scheme was
established. The scheme was solely funded by the ITF in its formative years. The
scheme was brought to a halt in 1978 due to unbearable financial responsibility for
the fund. The Federal Government handed the scheme to both the Nigerian
Universities Commission and the National Board for Technical Education (NBTE)
in 1979. Later, in November 1984, the scheme was reverted to the ITF with the
Federal Government bearing its funding.

1.1 Background of the Study/Report
To meet the need for credible graduates, the federal government saw it
necessary to equip undergraduates with industrial skills so that they become familiar
with the industry while in school and are prepared to meet it after graduating.
Having carried out such an exercise, the experience and technology of the
organization I worked with need to be documented.

Every organization has the primary motive of making profit. One may wonder why,
to make this profit, more money needs to be spent. In recent times, it has been
observed that most expenses go into building up Information Technology (IT) in
the organization and equipping it with state-of-the-art facilities. Such expense is
positively correlated with high profit.

Hence, there is a need to explain the technology that drives the implementation and
maintenance of Information Technology (IT) in an Organization while maintaining
the ideal of the setting up of the SIWES program.

1.2 Objectives of the Study/Report


The following are some of the objectives which the program attempts to achieve:
1. To present a formal report on my engagement for the SIWES program
2014/2015 academic session.
2. To show how I applied the principle of academic discipline within the
industrial environment.
3. To show competence in areas concerning Information Technology (IT).

The specific objectives of the study include:
1. To highlight the basic composition of an IT department in an organization.
2. To elaborate the technology involved in setting up Information Technology
in an organization.
3. To discover creative and efficient solutions, as regards IT, to improve
activities for the ultimate organizational goal.

1.3 Brief History of Big Data Computer Services


Big Data Computer Services is a business in the capital city of Imo State, Nigeria,
registered with the Corporate Affairs Commission with Reg. No. PB62458.

COMPANY VISION
Our vision: to expand the world of technology in sales/service, software design,
web design and hosting, networking, V-SAT installation, renting of projectors, video
coverage/editing and animation, and security systems, and to train dummies to
professional standard in networking (CCNA, CCNP), web design (HTML, PHP,
JavaScript, SQL), software (Java, C++) and lots more.

Today Big Data Computer Services is recognized in Nigeria as a leader in training,
certification and career development content that focuses on the fundamentals for
building IT careers, which includes simulations of real-life environments using
simulation software dedicated to that purpose.

1.3.1 ORGANIZATION ORGANOGRAM

Figure 1: Company's organogram (positions legible in the figure: Chief Executive Officer; Chief Service Engineer; Software Web Engineer; Network/Telecom Engineer; Hardware and User Support; Marketing Officer; Field Marketing Officer; Chief Training Officer; Network Trainer; Software Trainer; Web Trainer; Server Mgt Trainer; Web App Trainer; Statistics Trainer; Chief IT Consultant)


SECTION TWO

2.0 SIWES KNOWLEDGE/EXPERIENCES

2.1 HOW DDOS WORKS

Denial of service (DoS) attacks have become a major threat to current computer
networks. According to Sivakalai & Jayapriya (2014), "early DoS attacks were
technical games played among underground attackers". For example, an attacker
might want to take control of an IRC channel by performing DoS attacks against
the channel owner. Attackers could gain recognition in the underground community
by taking down popular web sites. Because easy-to-use DoS tools, such as
Trinoo, can be readily downloaded from the Internet, ordinary computer users can
become DoS attackers as well (Gu & Liu, 2010).

Attackers sometimes expressed their views in a coordinated way by launching DoS
attacks against organizations whose policies they disagreed with. DoS attacks also
appeared in illegal actions. Companies might use DoS attacks to knock their
competitors out of the market. Extortion via DoS attacks was on the rise in past years:
attackers threatened online businesses with DoS attacks and requested payments
for protection (Gu & Liu, 2010).

In a DDoS attack, the attacker multiplies the impact on the victim by drawing on
the combined power of a large number of computer agents. This is possible
because the attacker takes a large number of machines under his control over the
internet before launching the attack. These are vulnerable machines on the public
network whose weaknesses the attacker exploits, by inserting malicious code or
using some other hacking technique, so that they come under his control. These
compromised machines can number in the hundreds or thousands. They behave as
agents of the attacker and are commonly termed 'zombies'. The entire group of
zombies is usually called a 'botnet'. The size of the botnet determines the magnitude
of the attack: the larger the botnet (the more zombies it contains), the more severe
and disastrous the attack.

Figure 2: Architecture of DDoS Attack

2.2 DDoS Attack Types

From simple attempts to flood a target with ICMP echo requests generated by the
ping command to multi-vector attacks, DDoS attacks have grown bigger and more
sophisticated over the years. According to Vishnu (2016), the following are
examples of various types of DDoS attack:

1. Application Level Attacks

DDoS attacks can target a specific application or a badly coded website, exploiting
its weakness to take down the entire server. WordPress and Joomla are two
examples of applications that can be targeted to exhaust a server's resources
(RAM, CPU, etc.). Databases can also be targeted with SQL injections designed to
exploit these loopholes. The exhausted server is then unable to process
legitimate requests. Websites and applications with security loopholes are also
susceptible to hackers looking to steal information.

2. Zero Day (0day) DDoS

This is a standard term (like John Doe) used to describe an attack that exploits
new vulnerabilities. These zero-day DDoS vulnerabilities do not have patches or
effective defensive mechanisms.

3. Ping Flood

An evolved version of ICMP flood, this DDoS attack is also application specific.
When a server receives a large number of spoofed ping packets from a very large
set of source IPs, it is being targeted by a Ping Flood attack. The goal of such an
attack is to flood the target with ping packets until it goes offline. It is designed to
consume all available bandwidth and resources in the network until the network is
completely drained and shuts down. This type of DDoS attack is also not easy to
detect as it can easily resemble legitimate traffic.

4. IP Null Attack

Packets contain IPv4 headers which carry information about which Transport
Protocol is being used. When attackers set the value of this field to zero, these
packets can bypass security measures designed to scan TCP, UDP and ICMP.
When the target server tries to process these packets, it will eventually exhaust its
resources and reboot.

5. CharGEN Flood

CharGEN is a very old protocol which can be exploited to execute amplified attacks.
A CharGEN amplification attack is carried out by sending small packets carrying a
spoofed IP of the target to internet enabled devices running CharGEN. These
spoofed requests to such devices are then used to send UDP floods as responses
from these devices to the target. Most internet enabled printers, copiers etc. have
this protocol enabled by default and can be used to execute a CharGEN attack.
This can be used to flood a target with UDP packets on port 19. When the target
tries to make sense of these requests, it will fail to do so. The server will eventually
exhaust its resources and go offline or reboot.

6. SNMP Flood

Like CharGEN, SNMP can also be used for amplification attacks. SNMP is
mainly used on network devices. An SNMP amplification attack is carried out by
sending small packets carrying a spoofed IP of the target to internet enabled
devices running SNMP. These spoofed requests to such devices are then used to
send UDP floods as responses from these devices to the target. However, the
amplification effect in SNMP can be greater when compared with CharGEN and
DNS attacks. When the target tries to make sense of this flood of requests, it will
end up exhausting its resources and go offline or reboot.

7. NTP Flood

The NTP protocol is another publicly accessible network protocol. The NTP
amplification attack is also carried out by sending small packets carrying a spoofed
IP of the target to internet enabled devices running NTP. These spoofed requests to
such devices are then used to send UDP floods as responses from these devices to
the target. When the target tries to make sense of this flood of requests, it will end
up exhausting its resources and go offline or reboot.

8. SSDP Flood

SSDP enabled network devices that are also accessible to UPnP from the internet
are an easy source for generating SSDP amplification floods. The SSDP amplification
attack is also carried out by sending small packets carrying a spoofed IP of the
target to devices. These spoofed requests to such devices are used to send UDP
floods as responses from these devices to the target. When the target tries to make
sense of this flood of requests, it will end up exhausting its resources and go offline
or reboot.

9. Multi-Vector Attacks

We talked about attackers combining Recursive GET attacks with HTTP flood
attacks to amplify the effects of an attack. That’s just one example of an attacker
using two types of DDoS attacks at the same time to target a server. Attacks can
also combine several methods to keep the engineers dealing with the DDoS attack
confused. These attacks are the toughest to deal with and are capable of taking
down some of the best protected servers and networks.

10. SYN Flood

This attack exploits the design of the three-way TCP communication process
between a client, host and a server. In this process, a client initiates a new session
by generating a SYN packet. The host assigns and checks these sessions until they
are closed by the client. To carry out a SYN Flood attack, an attacker sends a large
number of SYN packets to the target server from spoofed IP addresses. The attack
goes on until it exhausts the server's connection table memory, which stores and
processes these incoming SYN packets. The result is a server unavailable to process
legitimate requests due to exhausted resources for as long as the attack lasts.

11. SYN-ACK Flood

The second step of the three-way TCP communication process is exploited by this
DDoS attack. In this step, a SYN-ACK packet is generated by the listening host to
acknowledge an incoming SYN packet. A large number of spoofed SYN-ACK
packets are sent to a target server in a SYN-ACK Flood attack. The attack tries to
exhaust a server's resources (its RAM, CPU, etc.) as the server tries to process this
flood of requests. The result is a server unavailable to process legitimate requests
due to exhausted resources for as long as the attack lasts.

12. ACK & PUSH ACK Flood

During an active TCP-SYN session, ACK or PUSH ACK packets carry
information to and from the host and client machines for as long as the session lasts.
During an ACK & PUSH ACK flood attack, a large number of spoofed ACK packets are
sent to the target server to deflate it. Since these packets are not linked with any
session on the server's connection list, the server spends more resources to process
these requests. The result is a server unavailable to process legitimate requests due
to exhausted resources for as long as the attack lasts.

13. ACK Fragmentation Flood

Fragmented ACK packets are used in this bandwidth consuming version of the
ACK & PUSH ACK Flood attack. To execute this attack, fragmented packets of
1500 bytes are sent to the target server. It is easier for these packets to reach their
target undetected as they are not normally reassembled by routers at the IP level.
This allows an attacker to send a small amount of packets with irrelevant data
through routing devices to consume large amounts of bandwidth. This attack
affects all servers within the target network by trying to consume all available
bandwidth in the network.
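
The traffic signatures described in the list above can be checked mechanically. The following is an added example, not part of the original report: a Python classifier that labels constructed packet summaries as IP null, CharGEN/NTP/SNMP/SSDP reflection, SYN flood, unsolicited SYN-ACK or sessionless ACK traffic. The field names, the half-open threshold and all addresses are assumptions made for the illustration.

```python
from collections import Counter

# UDP source ports of the reflection protocols listed above.
REFLECTORS = {19: "CharGEN", 123: "NTP", 161: "SNMP", 1900: "SSDP"}
TCP, UDP = 6, 17  # IPv4 protocol numbers

def pkt(src, dst, proto, sport=0, dport=0, flags=""):
    """Build one packet summary (hypothetical record layout for this example)."""
    return dict(src=src, dst=dst, proto=proto, sport=sport, dport=dport, flags=flags)

def classify(packets, server, half_open_limit=3):
    """Count alerts for traffic reaching `server`, one label per attack type."""
    alerts = Counter()
    queried = set()      # (peer, port) the server itself sent UDP requests to
    opened = set()       # TCP connections the server initiated
    half_open = set()    # inbound SYN seen, handshake not finished
    established = set()  # inbound sessions that completed the handshake
    for p in packets:
        if p["src"] == server:                       # outbound: remember requests
            if p["proto"] == UDP:
                queried.add((p["dst"], p["dport"]))
            elif p["proto"] == TCP and p["flags"] == "S":
                opened.add((p["dst"], p["dport"], p["sport"]))
            continue
        if p["dst"] != server:
            continue
        key = (p["src"], p["sport"], p["dport"])
        if p["proto"] == 0:                          # IPv4 protocol field zeroed
            alerts["ip-null"] += 1
        elif p["proto"] == UDP and p["sport"] in REFLECTORS:
            if (p["src"], p["sport"]) not in queried:    # reply nobody asked for
                alerts[REFLECTORS[p["sport"]] + "-reflection"] += 1
        elif p["proto"] == TCP:
            if p["flags"] == "S":
                half_open.add(key)
            elif p["flags"] == "SA":
                if key not in opened:                # SYN-ACK without our SYN
                    alerts["unsolicited-syn-ack"] += 1
            elif "A" in p["flags"]:
                if key in half_open:                 # third step of the handshake
                    half_open.discard(key)
                    established.add(key)
                elif key not in established and key not in opened:
                    alerts["ack-without-session"] += 1
    if len(half_open) > half_open_limit:             # many never-completed SYNs
        alerts["syn-flood"] = len(half_open)
    return alerts

def sample_capture(server="192.0.2.10"):
    """Constructed packet summaries using documentation address ranges."""
    cap = [
        pkt("198.51.100.7", server, TCP, 40000, 80, "S"),   # legitimate client
        pkt("198.51.100.7", server, TCP, 40000, 80, "A"),
        pkt("198.51.100.7", server, TCP, 40000, 80, "PA"),
        pkt(server, "203.0.113.5", UDP, 50000, 123),        # server's own NTP query
        pkt("203.0.113.5", server, UDP, 123, 50000),        # and its answer
        pkt("198.51.100.50", server, UDP, 19, 4444),
        pkt("198.51.100.50", server, UDP, 19, 4444),
        pkt("198.51.100.60", server, UDP, 123, 4444),
        pkt("198.51.100.61", server, UDP, 1900, 4444),
        pkt("198.51.100.70", server, 0),
        pkt("198.51.100.80", server, TCP, 5555, 80, "A"),
        pkt("198.51.100.81", server, TCP, 80, 6666, "SA"),
    ]
    # Five SYNs from different sources that never send the final ACK.
    cap += [pkt(f"203.0.113.{100 + i}", server, TCP, 1024 + i, 80, "S") for i in range(5)]
    return cap

if __name__ == "__main__":
    print(dict(classify(sample_capture(), "192.0.2.10")))
```

The solicited NTP answer and the completed client handshake raise no alert, which is the property that keeps the detector from flagging the server's own legitimate traffic.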

2.3 Mitigation approach I adopted during the course of my IT

1. Determining the Nash equilibrium for both the attack and defence in a single
or multiplayer game environment.
2. Simulating a game model on NS3 using the Nash equilibrium which will
serve as a firewall mechanism against DoS/DDoS attack on web servers.

I focused on developing a firewall mechanism that will be deployed on web server
interfaces to permit legitimate packets while blocking attack packets from reaching
the server.

The design model diagram is as shown in figure 3. This diagram is an
improvement of what was done by Wu et al. (2010).

The model is made up of 6 basic components namely:

1. Attacker (Ai)
2. Zombies (Zi)
3. Legitimate users (Li)
4. The DMZ (VRRP Network of two routers and a switch) (DMZ)
5. The firewall router (FW)
6. Target server (T)

Figure 3: DoS/DDoS Mitigation Model Diagram (components shown: attacker, zombies, legitimate user, Internet cloud, DMZ, firewall, victim server)

The attacker triggers the zombies to flood the victim server with bogus packets.
This occurs while legitimate users still need to send packets to the server. The
DMZ is a network of 2 routers and one switch running the Virtual Router
Redundancy Protocol (VRRP). The DMZ provides redundancy for the network with a
router failover network structure.

Detailed explanation of the firewall I modelled

The firewall is where the mitigation scripts run; they distinguish legitimate
from illegitimate packets and drop packets where needed. The victim server is the
target of the attacker/zombies and should be kept safe by the firewall as much as
possible.
Finally in this section, computational representation involves specifying
assumptions. Some of these assumptions relate to boundary or scope conditions of
the theory. But other assumptions are simplifications of the simulation itself that
enable the researcher to strip out complexity in order to focus on the central logic
and constructs (Davis et al., 2007).
Certain assumptions are required to properly model the system. They include the
following:
1. A single attacker controls all of the zombies that act as attacking nodes, each
of which sends a flow of bogus packets to the server.
2. The DMZ is a network of two routers and a switch that fail over when there
are bogus packets, providing some level of protection for the network. A little
latency is permitted at the DMZ.
3. The firewall has no knowledge of whether the flow is coming from the
attacker or a legitimate user.
4. The FW's belief in the legitimacy of the flow decreases as the flow rate
increases.
5. Some packets of a flow f are dropped in the firewall when the total incoming
flow rate T is more than the available bandwidth B.
6. The attacker does not spoof a unique source address for each packet in a
single flow. Such spoofing would be extremely difficult and is highly
unlikely to occur. Note that when the spoofed source address is the same for
the entire flow, the filtering mechanism would act the same as if there were
no spoofing.
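
Assumptions 3 to 5 can be made concrete as follows. This is an added example, not the report's NS3 model or its Nash-equilibrium solution: the belief function 1 / (1 + rate / nominal_rate), the weighted max-min sharing rule, and the flow names and rates are all assumptions chosen for illustration.

```python
def belief(rate, nominal_rate):
    """Firewall's belief that a flow is legitimate; it falls as the rate rises.

    The form 1 / (1 + rate / nominal_rate) is an assumption of this example.
    """
    return 1.0 / (1.0 + rate / nominal_rate)

def allocate(rates, bandwidth, nominal_rate):
    """Return the forwarded rate per flow for incoming `rates` and bandwidth B.

    Nothing is dropped while the total rate T <= B. Otherwise B is shared by
    weighted max-min fairness with the belief as weight: flows whose demand
    fits inside their weighted share pass untouched, the rest are capped.
    The firewall never needs to know which flow is the attacker's.
    """
    if sum(rates.values()) <= bandwidth:
        return {f: float(r) for f, r in rates.items()}
    weights = {f: belief(r, nominal_rate) for f, r in rates.items()}
    active = dict(rates)
    alloc = {}
    remaining = float(bandwidth)
    while active:
        wsum = sum(weights[f] for f in active)
        satisfied = [f for f, r in active.items()
                     if r <= remaining * weights[f] / wsum]
        if not satisfied:
            # Every remaining flow wants more than its share: cap them all.
            for f in active:
                alloc[f] = remaining * weights[f] / wsum
            break
        for f in satisfied:
            alloc[f] = float(active.pop(f))
            remaining -= alloc[f]
    return alloc

def drop_fractions(rates, alloc):
    """Fraction of each flow's packets the firewall drops."""
    return {f: (1.0 - alloc[f] / r) if r > 0 else 0.0 for f, r in rates.items()}

# Constructed scenario: two legitimate users and two zombies, B = 50 units.
FLOWS = {"L1": 2.0, "L2": 3.0, "Z1": 40.0, "Z2": 60.0}

if __name__ == "__main__":
    forwarded = allocate(FLOWS, bandwidth=50.0, nominal_rate=5.0)
    for flow, frac in drop_fractions(FLOWS, forwarded).items():
        print(f"{flow}: forwarded {forwarded[flow]:.2f}, dropped {frac:.0%}")
```

With these numbers the low-rate flows pass untouched while the drop fraction grows with the flow rate, which is the behaviour assumptions 4 and 5 describe.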

2.4 TOOLS OF DENIAL OF SERVICE ATTACK


The tools used during the course of my industrial attachment at Big Data
Computer Services include the following:

1. HOIC
2. LOIC
3. HTTP Unbearable Load King (HULK)
4. R.U.D.Y (R-U-Dead-Yet)

TOOLS FOR DETECTION OF DENIAL OF SERVICE ATTACK

A tool which I used during my industrial attachment for the detection of some
of the DDoS attacks which I simulated is Wireshark.

Figure 4: Detection of DDoS Attack Using Wireshark

2.5 About the Simulator I Used: ns-3

ns-3 is a discrete-event network simulator in which the simulation core and
models are implemented in C++. ns-3 is built as a library which may be statically
or dynamically linked to a C++ main program that defines the simulation topology
and starts the simulator. ns-3 also exports nearly all of its API to Python, allowing
Python programs to import an “ns3” module in much the same way as the ns-3
library is linked by executables in C++.

Figure 5: Software organization of ns-3

2.6 NETWORK CABLE INSTALLATION AND REPAIRS


CRIMPING NETWORK CABLES (BOTH RJ-45 and RJ11)
There were times in the company when users' network cables did not blink
the (green and yellow) lights when I plugged them into the system's or laptop's
network port. If the network cable is faulty or in a poor state, the network shows
limited or no connectivity. In such cases I traced the faulty network cables from the
system through to the network rack and re-crimped the cables. This involved cutting
and separating the tiny wires embedded inside the CAT5 Ethernet cable and
arranging them in the following order:
1. White Orange
2. Orange
3. White Green
4. Blue
5. White Blue
6. Green
7. White Brown
8. Brown

Figure 6: how to clip network cables

The cat5 cables are terminated and configured at both ends using a crimping tool (a
piece of hardware used together with the connectors to hold the wire firmly). There
are 2 types of cat5 cable configurations.

Figure 7: Arrangement of Cat5 Network Cable (panels: Cross Cable, Straight Cable)

I also learnt how to crimp cables, most especially CAT5 cables.

Some tools needed for crimping cables are:
1. RJ45 Connector
2. CAT 5 cable
3. Network cable tester
4. An RJ 45 crimper
I also learnt how to trace a network cable from the labelled network point to
the network rack, patch panel, switches and router, so as to avoid removing a
working user's network cable.

Figure 8: Already prepared network cable

2.7 TESTING OF CONNECTIVITY USING PING


Ping is a program that is useful for verifying a successful TCP/IP installation. It is
named after the sonar operation used to locate and determine the distance to an
underwater object. Ping stands for Packet Internet Groper.
The ping command works by sending multiple IP packets to a specified
destination. Each packet sent is a request for a reply. The output response for a
ping contains the success ratio and round-trip time to the destination. From this
information, you can determine if there is connectivity to a destination. The ping
command is used to test the NIC transmit/receive function, the TCP/IP
configuration, and network connectivity.
The following are some usages of the ping command:
1. Ping 127.0.0.1 (internal loopback test)—this verifies the operation of the
TCP/IP stack and NIC transmit/receive function. Figure 1-9 shows the ping
127.0.0.1 test.
2. Ping IP address of host computer—verifies the TCP/IP address
configuration for the local host.
3. Ping default-gateway IP address—verifies whether the router that connects
the local network to other networks can be accessed.
4. Ping remote destination IP address—verifies connectivity to a remote host.
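
The four checks above, run in order, localise a fault to the first step that fails. The following added example (not from the original report) parses the success ratio and average round-trip time from Linux or Windows ping output and reports which component the first failing step implicates; the sample outputs and addresses are constructed.

```python
import platform
import re
import subprocess

# The four checks from the list above, in order, with what a failure implicates.
LADDER = [
    ("loopback", "TCP/IP stack or NIC transmit/receive function"),
    ("local host", "TCP/IP address configuration of the local host"),
    ("default gateway", "router that connects the local network to other networks"),
    ("remote host", "connectivity to the remote host"),
]

def parse_ping(output):
    """Return (success_ratio, avg_rtt_ms) from Linux or Windows ping output."""
    m = re.search(r"(\d+) packets transmitted, (\d+) (?:packets )?received", output)
    if m:
        sent, received = int(m.group(1)), int(m.group(2))
    else:
        m = re.search(r"Sent = (\d+), Received = (\d+)", output)
        if not m:
            return 0.0, None
        sent = int(m.group(1))
        # Windows counts "Destination host unreachable" replies as received.
        unreachable = output.count("Destination host unreachable")
        received = max(int(m.group(2)) - unreachable, 0)
    if sent == 0 or received == 0:
        return 0.0, None
    rtt = (re.search(r"= [\d.]+/([\d.]+)/", output)
           or re.search(r"Average = (\d+)ms", output))
    return received / sent, float(rtt.group(1)) if rtt else None

def run_ping(target, count=4):
    """Run the system ping and return its text output."""
    flag = "-n" if platform.system() == "Windows" else "-c"
    proc = subprocess.run(["ping", flag, str(count), target],
                          capture_output=True, text=True)
    return proc.stdout

def diagnose(outputs):
    """outputs: ping output per step, in LADDER order.

    Returns (step, implicated_component) for the first step with no
    successful reply, or None when every step succeeds.
    """
    for (step, component), text in zip(LADDER, outputs):
        ratio, _ = parse_ping(text)
        if ratio == 0.0:
            return step, component
    return None

def run_ladder(local_ip, gateway_ip, remote_ip):
    """Ping loopback, local address, gateway and remote host, then diagnose."""
    targets = ("127.0.0.1", local_ip, gateway_ip, remote_ip)
    return diagnose([run_ping(t) for t in targets])

# Constructed sample outputs (not captured from a real network).
LINUX_OK = """--- 127.0.0.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 0.045/0.052/0.061/0.006 ms
"""
WINDOWS_UNREACHABLE = """Pinging 192.168.1.1 with 32 bytes of data:
Reply from 192.168.1.20: Destination host unreachable.
Reply from 192.168.1.20: Destination host unreachable.
Reply from 192.168.1.20: Destination host unreachable.
Reply from 192.168.1.20: Destination host unreachable.
Ping statistics for 192.168.1.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
"""
```

The Windows sample shows why the summary line alone is not enough: it reports 0% loss even though no echo reply came back from the gateway.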

Figure 9: Test of Ping for Network Connectivity

SECTION THREE
3.0 CONCLUSION AND RECOMMENDATION
3.1 Summary of Knowledge/Experiences Gained
During my Industrial Training Program, I went through training in various units of
the information and technology department. The experience was thought
provoking in the sense that I was exposed technically on the job as well as to how to
handle human capital requirements.
Below is a breakdown of some of the jobs that I did in the user support unit.

1. Monitoring of network performance using Wireshark.
2. Joining a system to the network domain.
3. Simulation of network using Cisco Packet Tracer.
4. Setting up of office network and adding of computers to the work group.
5. Simulation of network under attack using NS3.
6. Writing of NS3 files using C++ and Python.
7. Updating of Linux systems used for the simulation.
8. Preparation of penetration testing environment used for attack in Kali Linux.
9. Installation and preparation of printer.
10. Installation of antivirus on Windows machines.
11. Installation of additional RAM on a system and learning about the various
parts of a motherboard.
12. Network cable installation and repair.
13. System Maintenance and Troubleshooting.

3.2 Conclusion
I must confess that the program contained some shortcomings, which had
personally affected me. But despite some lapses, the program, I must say, did me
more good than bad.
The program has afforded me the opportunity to know exactly those things
expected of me by the larger society as a responsible man. I must also confess that
the basic knowledge I obtained in the university was of tremendous help to me
during my training.
In summary, I agree that all has not been a bed of roses, but as stated earlier, the
program has done more good than bad. The program, I will therefore say, was a
successful one and was able to meet all of its objectives. I strongly believe I can
effectively compete with others in the field of information technology as my
career.
3.3 Recommendations
Although I had a very eventful time at BIG DATA COMPUTER SERVICES,
these are some of my observations which I believe, if improved upon, will enhance
the efficiency of students on industrial training.

I recommend that the company should expose the students to training in the various
units of the information technology department, and that the training exercise be
redefined in order to make room for total absorption of the student into the
programme when posted.
