Training Network Managers in Ethical Hacking
Techniques to Manage Resource Starvation
Attacks using GNS3 Simulator
Kemal Hajdarevic*, Adna Kozic**, Indira
Avdagic***
Faculty of Electrical Engineering, University of
Sarajevo
Sarajevo, Bosnia and Herzegovina
*khajdarevic@etf.unsa.ba, **akozic1@etf.unsa.ba,
***indira.avdagic@etf.unsa.ba
Abstract – The threat of resource starvation attacks is one of
the major problems for the e-Business. More recently these
attacks became threats for Cloud environments and Denial
of Service is a sub-category of these kinds of attack. The
network management is process of taking proactive actions
before the attack has taken effect which is responsibility of
skilled employees - network managers. In recent time
vulnerability testing skills are needed to harden system
security. These skills have to be developed thus for we created
scenario in a controlled environment, to provide opportunity
for student trainees to train their skills, so that defense could
be prepared. This paper describes a simulation-based
training scenario using simulator and by using hacking tools
in which student trainees experience the symptoms and
effects of a DDoS attack, practice their responses in a
simulated environment, with goal to prepare them for the
real attacks.
I. INTRODUCTION
Press headlines report attacks on computer networks,
cloud environments with a goal to disrupt services
provided to users of those networks. These attacks produce
consequential effects on business and consumer
confidence. Effects of these attacks vary in their approach,
purpose and effectiveness, but one of the most frequently
launched attacks – probably because it is also one of the
most effective and easy to start – is denial of service (DoS).
With more and more devices on network especially with
Internet of Things (IoT) which are used for different
purposes and are not protected as they should, they often
can be used as agent hosts misused to amplify DoS attakcs,
thus creating Distributed DoS (DDoS) attacks.
In previous work done by one of the authors of this
paper [1] in process of training network managers,
synthetically prepared network traffic that was used
without using real hacking tools, traffic, and devices. In
this paper, we used real traffic generated by real hacking
tools directed to Graphical Network Simulator (GNS3) [2]
simulated environment.
DoS attacks are easy to start by using automated scripts
or tools such as Net Tools 5 [3], or even specially designed


Authorized licensed use limited to:  DE
UNIVERSITE Downloaded
GABES.  on November 12,2023 at 19:01:21 UTC from IEEE Xplore.
Zerina Masetic****, Nejdet Dogru*****
International Burch University,
Sarajevo, Bosnia and Herzegovina
****zerina.masetic@ibu.edu.ba,
*****nejdet.dogru@ibu.edu.ba
operating systems such as Kali Linux [4] which can be
used for ethical hacking purposes [5].
While DoS has many different variations, one of the
effect it that one or more nodes within a network, cloud
environments, [6] and services, are stricken by disruption
or unavailability caused by large volumes of network
traffic. In order to resolve those kinds of attacks is to use
additional resources to handle those kinds of attacks.
Examples of attacks by directing an excessive volume of a
particular request message are ICMP request, or flood of
only TCP SYN packets as part of the TCP three way
handshake, to which the host or service is obliged to
respond.
In situations when available resources such as
processor power, memory resources, communication links
have to provide services for incoming demands are on not
sufficient, system is not able to resolve the service
requirements of legitimate users. Resulting scenario for
this types of attacks is that legitimate users are left without
service, and the attacker reached her / his goal in malicious
intention. Network manager is person responsible for
managing required appropriate quality levels of
availability and security of the network. Our initial idea
was to consider how network manager could be assisted in
protecting managed system more specifically to detect an
attack.
One important issue is the way in which the attack
consequences can be reduced and minimized, if not
prevented. One of the most important steps of above
explained attacks is the DoS attack identification stage. If
detected on time network managers will have time to
protect their network resources if not, users will face
disruption or unavailability of service. Because of this,
early detection of DoS signs shall be recognized on time
before service interruption. Network managers are
responsible to carry out day-to-day network monitoring
using network monitoring tools and respond if a specific
attack is recognized. They learn through doing by
detecting unusual activities in everyday traffic.
Furthermore there is clear need to test security of own
system with goal of preparedness for real security attacks.
This is possible by using ethical hacking techniques [5]
Restrictions apply.
and more important is to develop student trainees future
network managers skills to conduct these vulnerability
tests. Thus for we created simulation environment and
make available simulation tests for training purposes and
reported it in this paper. Student trainees are able to learn
ethical hacking skills using real tools combined with
simulation environment more easily without stress
compared to work with production traffic and real network
devices which is cost effective approach.
II. RELATED WORK
In papers such as [6-14] are presented various
approaches in training student trainees in ethical hacking
techniques using virtual environments. One of the models
which was proposed in[6] is Multi-Vm Laboratory which
is suitable for ethical hacking training purposes we used to
conduct our simulations in this paper. In the paper [10] is
presented ethical educational platform for hands-on lab
activities for exploring DoS attacks that we used as
reference point for shaping our lab environment.
While DoS attack is threat for almost 2 decades [12],
other network environment such as cloud environments as
a part of critical infrastructure inherent same
vulnerabilities that single server had what is addressed in
[13-24] where threat detection systems and approaches for
detection and prevention of DoS based attacks against
cloud environments are proposed. We used results from
[24] to configure our GNS3 simulation environment and
additionally tune configurations in our simulation.
III. RATIONALE FOR EXPERIMENTING AND CREATING
SIMULATED SCENARIOS USING REAL TRAFFIC AND
HACKING TOOLS
As it noticed [1] network manager’s skills develops
over time and with practical experience, but unfortunately,
the most common experience is during real attack and it is
common case that it is first practical experience many
network managers have. Network managers “learn
through working” in process of doing and resolving
problems. One of the skills that network managers might
use is to be able to perform vulnerability testing on their
systems. One way to do this is to have hands-on real hacker
tools and to perform ethical hacking techniques proposed
in Ethical Hacking certification guide [3] to try how it can
look like if real attack strikes their system which can be
mimicked in simulated environment.
Our approach for teaching future network managers is
that it shall include structured approach to learning, in
cloud environment, and using real network traffic by
which novice network managers can practice their skills in
a controlled environment. We have developed such a
scenario using GNS3 [2], described in detail in [24]. This
paper describes how we have incorporated the effects of a
DoS attack into that tool, to give a student trainees a future
network manager the opportunity to recognize these
symptoms and to practice their response to the attack by
placing appropriate firewall and configuring it to be able
to minimize negative impacts and hopefully block
incoming attacks.
In study cases described in this paper, we show how
these real traffic is manipulated to create a DoS attack. The
structure of this paper is as follows: we state the need to
Authorized licensed use limited to: UNIVERSITE DE GABES. Downloaded on November 12,2023 at 19:01:21 UTC from IEEE Xplore. Restrictions apply.
detect and respond to DoS attacks, including a review of
current work in automated detection systems; we then
present the results of our analysis of the symptoms of such
attacks, we then describe how these symptoms are
represented in our simulation system, together with the
other related symptoms; we conclude with an analysis of
the effectiveness of our approach and a description of
further work.
IV. TEST BED SCENARIO AND USED HARDWARE AND
SOFTWARE COMPONENTS
For the study case presented in this paper, we used
network management simulator tool GNS3 which can use
a combination of synthetically varied data and real traffic
attacks launched with hacker tools described below.
In our work, we simulated Denial of Service (DoS)
attack to a web server, which is placed in the DMZ. DoS
attack is simulated as a traffic flooding from the attacker
machine, which is, in this case, our virtual machine.
Furthermore, we analyzed the network traffic, considering
two study cases [24]:
a) Cisco ASA firewall is disabled and all the traffic is
passing through it to the server,
b) Cisco ASA firewall is enabled and filters are set to
let genuine traffic pass to the web server.
During the attack, as learning activity we advise
student trainees to sniff network traffic using Wireshark
[25] tool to be able to compare results of these cases
mentioned above. As we stated previously our goal was to
offer student trainees environment and study case
scenarios of DoS attacks with goal to prepare them for
experience from real world and DoS attacks.
A. Hardware and software components for test bed
scenario
To perform simulation, we used VirtualBox 5.1.22 on
the Windows 8 machine with 8 GB RAM and processor
Intel(R) Core(TM) i5-45900 CPU @ 3.30GHz, and
installed Windows 7 Ultimate 64-bit with 4 GB RAM and
30 GB of virtual disk [11]. We used virtual machine (VM)
to protect our computer from the potential threats during
the DoS attack simulation, which was done using Net
Tools 5 [3].
Furthermore, we installed GNS3-1.4.6 [2] on our VM,
together with Net Tools 5 [3] and Wireshark [25]. GNS3
[2] software enables building simple and complex virtual
networks without having physical devices, such as routers
and switches, to simulate real network components. To do
so, we used emulators such as Dynamips [26] and Qemu
[27] and create software equivalents of hardware devices.
Furthermore, GNS3 [2] can be connected to the external
virtual machines or physical devices, that provides
creating more complex network topologies and simulation
of real scenarios.
GNS3 [2] needs real Cisco IOS images to emulate
Cisco routers (and other devices). In our simulation, we
used 3725 and 7200 series routers. Furthermore, we used
the IOS image c3725-adventerprisek9-mz.124-25d for
Cisco 3725 and c7200-adventerprisek9-mz.152-4.M7 in
our simulation. Each router requires specific RAM
memory. Minimal memory for router c3725 is 128MB,
and for c7200 is 512 MB.
Moreover, we used Cisco ASA firewall as it is a
security device that combines firewall, antivirus, intrusion
prevention, and virtual private network (VPN) capabilities,
and we believe it is a good security mechanism for attack
prevention. In our simulation, we added Cisco ASA 8.4
version on GNS3 [2], with 1 GB of RAM memory.
B. Hacking tools used in test bed scenario
In our test bed scenario, we used already mentioned Net
Tools 5 [3] (Fig. 1.) which is a set of different tools for
monitoring, scanning, and administration of networks. It is
designed for Windows operating systems and it is a very
strong combination of network scanning, security, file,
system, and administrator tools that could be used in
diagnosing and computer's network connections for
system administrators.
However, this tool enabled us to simulate DoS attack
from the attacker machine to the web server.
Figure 1. Net Tools 5 [3] – One of vulnerability flood testing tools
V. PREPARATION FOR SIMULATING AN
ATTACK - THE TCP/SYN EXAMPLE
The TCP/SYN attack [11] is a well-known variant of
DoS, in which an attacker launches a series of TCP/SYN
packets (TCP three way handshake - connection
establishment requests) at a target. These packets typically
each have a different (spoofed) source IP address, which is
unreachable from the target. The “rules” of TCP
connection establishment require the target to issue a
SYN-ACK packet in response, and to allocate resources
(buffer and table space etc.) for the “new” connection.
Whilst this is sufficient to tie up resource at the target,
and is therefore a DoS attack in its own right, a
consequence of attempting to send a packet to an
unreachable IP address is that the next hop (router) will
return an ICMP “Destination unreachable” message to the
sender, so further consuming buffer space.
Any existing (legitimate) connections to or from the
target will experience a gradual reduction in their
throughput, and may, as the attack develops, timeout. New
legitimate attempts to connect are likely to fail due to
timeout before completion.
Authorized licensed use limited to: UNIVERSITE DE GABES. Downloaded on November 12,2023 at 19:01:21 UTC from IEEE Xplore. Restrictions apply.
VI. EARLY ATTACK DETECTION SIMULATION
Early detection of attacks or other anomalies which
could harm a network in some way is the subject of much
current research. An automated system which is able to
recognise and prevent attacks or other anomalies, and
work with already standardized mechanisms for network
management, is preferable to those systems and projects
whose goal is to design new hardware equipment such as
Many attacks come from outside a secured network and
are delivered through network gateways.
Although this impact will be most obvious at the node
(web server) being attacked (as we show below), there will
also be (probably lesser) impacts on the near neighbour
nodes, and particularly on the gateway router devices. In
view of the possible failure of the “attacked” node, we
must also pay attention to the way in which neighbouring
nodes represent the developing attack, and include those in
our simulation.
We initiated this process by presenting an analysis of
the effects of a DoS attack on a small network of the type
which is similar to the environment in which our student
trainees are likely to work. We show what a trainee will
experience when she/he is presented with this simulation,
using real traffic and effects on simulated environment.
Another contribution of this paper is to present the way
how ethical hacker tool such as Net Tools 5 [3] can be used
as vulnerability testing tool – Fig. 1.
A. Effects of firewall in simulated environment
We designed network segments with internet hosts and
network segment of protected network where ASA
firewall was placed to protect network from Internet and
potential attackers.
Figure 2. Our simulated network environment based on [24]
B. Firewall switched off
In the first scenario, we disabled the ASA firewall, so
the network traffic can pass through it to a server. After all
the devices are setup and connected to a topology shown
in Fig. 2., we tested the connectivity between the attacker
PC and web server by sending ICMP packets (Fig. 3.).
Upon having successful connection, we could attack the
web server.

Figure 3. Connection testing form CMD from PC1 and PC2
We were sending different number of packets from the
attacker (Fig. 4.) and, at the same time, monitoring the
network in Wireshark [25]. This is practice that student
trainees perform which is to monitor and learn how signs
of real attack look like.
Figure 4. Wireshark – Captured SYN Flood
Wireshark [25] in its window showed many SYN
packets send and many SYN ACK packet received.
However, attacker had never sent the final ACK to close
the connection.
Figure 5. Connection testing form CMD from PC1 and PC2
Furthermore, we were unable to reach the web server
from the other machines (Fig. 5. and Fig. 6.), meaning that
the attack was successful.
Figure 6. Wireshark Flow Graph during DoS attacks
Authorized licensed use limited to: UNIVERSITE DE GABES. Downloaded on November 12,2023 at 19:01:21 UTC from IEEE Xplore. Restrictions apply.
C. Firewall switched on
In second scenario, we enabled the ASA firewall and set
the filter, defining which connections and how many of
them could be established. We configured ASA firewall
by limiting the number of “half open connections” a client
can have [28]. If the limit of half-open connections is
reached, then the ASA firewall responds to every SYN
packet, originally sent to the server, with a SYN ACK, and
does not pass the SYN packet to the internal server. If the
sender responds with an ACK packet, then the ASA
firewall recognised it as not a part of a potential DoS
attack, rather a valid request. Then, firewall establishes a
connection with a web server.
The firewall uses SYN cookies technique so it knows
which requests are legitimate and which are not. Using this
technique, the server does not record a new request until
the final ACK is received. Therefore, the SYN queue will
not be filled up under the SYN flood attack.
We repeated the same scenario explained in Case 1, i.e.
simulating DoS attack using Net Tools 5 [3] from the
attacker machine to a web server. At the same time, we
monitored the network using Wireshark [25] and analyzed
the traffic (Fig. 7.). We noticed that SYN packets did not
reach the web server at all. However, when we initiated the
„normal“ connection from the machine that is not
attacking the server, packets could reach the web server,
as ASA firewall recognized the valid request.
Figure 7. Wireshark Flow Graph during DoS attacks blocked by firewall
VII. SIMULATION RESULTS
Analysis of the system in both cases (when Firewall is
switched off, and Firewall switched on) was done while
considering different criteria, such as: a) how long the
server was inaccessible to the other devices, b) number of
received packets, c) number of lost packets during the
attack while sending 100 packets per connection. Table 1
compares these two cases considering above mentioned
criteria.
A. Case 1 – Firewall switched off
It was measured that 22 sent packets are lost for 850
open connections. On the other side, the least number of
lost packets is for the case with 100 open connections. The
reason is that 100 open connections are not enough to
congest the server and fill the buffer space with SYN
connection to make it inaccessible.
From the Table 1. can be seen that the server is
inaccessible for the 115.19 seconds when 850 connections
are open and it is accessible during the 100 open
connections. For 350 and 600 sent connection, server is
inaccessible for 19.17 and 23.35 seconds, respectively.
The lost packets can be noticed in the Wireshark [25] by a
message „Destination unreachable (Type: 3), Protocol
unreachable (Code: 2) “.
TABLE 1 - COMPARISON OF “FIREWALL OFF” AND “FIREWALL ON” CASES
IN TERMS OF SERVER ACCESSIBILITY, NUMBER OF SENT AND RECEIVED
PACKETS
B. Case 2 – Firewall switched on
In ASA firewall configuration, we limited following
available configuration settings: a) maximum number of
embryonic connection (200), b) maximum number of TCP
connections (100), c) total number of connections per
client (5) and d) total number of embryonic connection per
client (10) [28]. This limitation decreased the number of
sent SYN requests from attacker PC. When the limit is
reached, ASA firewall replies with SYN ACK (as ASA
acts as proxy) without forwarding requests to a server,
until it receives ACK from sender, making sure that it is
legitimate request. Table 1. shows that the server will
always be accessible, no matter how many embryonic
connection requests are sent by the attacker using firewall.
Furthermore, it is accessible by the other hosts and there
are no lost packets. Total number of connection is 5, as we
set that limit in ASA firewall.
Obviously, security mechanisms shown here could be
an effective method for preventing a potential SYN flood
attack, and therefore disabling unwanted system resource
consumption and making server inaccessible for other
hosts.
VIII. THE EFFECTS ON HOSTS IN THE SAME NETWORK
As it expected other hosts and nodes will also be
affected by a DoS attack, but the major impact will be on
those users who wish to be, connected to the attacked node.
This is represented by reduced their “traffic flow” during
the attack, and by terminated some “connections” as the
attacking traffic became heavier. Other results of affected
devices which share a connection with the attacked node.
Are that they experienced a slow connection speed, with
the occasional connection loss due to time out as shown in
Figure 5. The router which detects that the SYN/ACK
frames generated by the target and cannot be forwarded
will inform the target (via ICMP) that the destination is
unreachable. Because DoS symptoms are developed over
time, trainee has to establish remedial actions to recover
from the attack.
Authorized licensed use limited to: UNIVERSITE DE GABES. Downloaded on November 12,2023 at 19:01:21 UTC from IEEE Xplore. Restrictions apply.
Other activities are possible from this point of research:
we will use simulation environment as it stands using
different scenarios, different network and traffic settings
providing them to gain knowledge and deeper insight of
real attack scenarios; use trainee actions and record their
responses which can give insight in learning difficulties,
using statistics or data mining techniques.
IX. RESULTS AND CONCLUSIONS
Our model represents a form of attack which is well
known, and newer forms of DoS attacks could present
different symptoms. Our implementation and findings
indicates the need to develop scenarios similar to those
presented here with goal to educate large number of future
network administrators who may not have enough
experience, tools such as intrusion detection and
prevention systems, but who are still expected to
proactively monitor and defend computer networks for
which they are responsible. We believe that provide
documentation for our trainees so that they can learn from
live scenarios to manage network which is target for an
DoS attack. We also believe that we succeed in adding
value in learning experience of novice network managers
and ethical hackers. We are in process of development of
more similar scenarios in simulated network environment
with goal to provide extensive training experience.
X. REFERENCES
[1] Colin Pattinson, Kemal Hajdarevic, Training Network Managers to
Recognise Intrusion Attacks, In Proceeding of the First
International Conference on E-Business and Telecommunication
Networks, 2004, pages 269-274
[2] Graphic Network Simulator (GNS3), Available at
https://www.gns3.com/, [Accessed on 09.06.2017]
[3] M. Williams, Net Tools 5, 2011, Accessible at: www.techworl.com
[4] Kali Linux Penetration Testing and Ethical Hacking Linux
Distribution, Accessible at: https://www.kali.org/, [Accessed on
09.06.2017]
[5] Certified Ethical Hacker, Available at:
https://cert.eccouncil.org/certified-ethical-hacker.html , [Accessed
on 09.06.2017]
[6] R. Kumar, S. P. Lal and A. Sharma, "Detecting Denial of Service
Attacks in the Cloud," in 2016 IEEE 14th Intl Conf on Dependable,
Autonomic and Secure Computing, 2016
[7] P. Li and T. Mohammed, “Integration of virtualization
technology into network security laboratory,” in Proc. 38th Annual
Frontiers Educ. Conf., Oct. 2008, pp. S2A-7-S2A-12.
[8] M. Wannous and H. Nakano, “NVLab, a networking
Virtual Web-based laboratory that implements virtualization and
virtual network computing technologies,” IEEE Trans. Learning
Technol., vol. 3, no. 2, pp. 129-138, Jun. 2010.
[9] M. Anisetti, V. Bellandi, A. Colombo, M. Cremonini, E.
Damiani, F. Frati, J. Hounsou, and D. Rebeccani, “Learning
computer networking on open paravirtual laboratories,” IEEE
Trans. Educ., vol. 50, no. 4, pp. 302-311, Nov. 2007.
[10] A. Kara, E. Aydin, M. Ozbek, and N. Cagiltay, “Design and
development of a remote and virtual environment for experimental
training in electrical and electronics engineering,” in Proc. 9th
ITHET, pp. 194-200, 2010.Shamma
[11] Al Kaabi, Nouf Al Kindi, Shaikha Al Fazari and Zouheir Trabelsi,
Virtualization based Ethical Educational Platform for Hands-on
Lab Activities on DoS Attacks. 2016 IEEE Global Engineering
Education Conference (EDUCON), 10-13 April 2016, Abu Dhabi,
UAE
[12] The Carnegie Mellon University CERT Coordination Center,
(1999) 1999– UDP DoS. http://www.cert.org/incident_notes/IN-
99-07.html [Accessed 12 October 2003]
[13] Z. Chen, G. Xu, V. Mahalingam, L. Ge, J. Nguyen, W. Yu and C.
Lu, "A Cloud Computing Based Network Monitoring and Threat
Detection System for Critical Infrastructures," Big Data Research,
2015. [21]
[14] B. Joshi, A. S. Vijayan and B. K. Joshi, "Securing Cloud Computing
Environment Against DDoS Attacks," in International Conference
on Computer Communication and Informatics (ICCCI-2012),
2012. [22]
[15] T. M. Prwez and K. Chatterjee, "A framework for Network
Intrusion Detection in Cloud," in 6th International Advanced
Computing Conference, 2016.
[16] C. N. Modi, D. R. Patel, A. Patel and R. Muttukrishnan, "Bayesian [23]
Classifier and Snort based Network Intrusion Detection System in
Cloud Computing," in Third International Conference on
Computing, Communication and Networking Technologies [24]
(ICCCNT'12), 2012.
[17] T. M. Khorsed, S. A. B. M. Ali and S. A. Wasimi, "Classifying
different denial-of-service attacks in cloud computing using rule-
based learning," Security and Communication Networks, vol. 5, pp. [25]
1235-1247, 2012.
[18] M. T. Khorshed, N. A. Sharma, K. Kumar, M. Prasad, A. B. M. S. [26]
Ali and Y. Xiang, "Integrating Internet-of-Things with the power of
Cloud Computing and the intelligence of Big Data analytics — A
three layered approach," in 2nd Asia-Pacific World Congress on [27]
Computer Science and Engineering (APWC on CSE), 2015.
[19] T. Y. Win, H. Tianfield and Q. Mair, "Detection of Malware and [28]
Kernel-level Rootkits in Cloud Computing Environment," in IEEE
2nd International Conference on Cyber Security and Cloud
Computing, 2015.
[20] P. Mishra, E. S. Pilli, V. Varadharajan and U. Tupakula,
"NvCloudIDS: A Security Architecture to Detect Intrusions at
Authorized licensed use limited to: UNIVERSITE DE GABES. Downloaded on November 12,2023 at 19:01:21 UTC from IEEE Xplore. Restrictions apply.
Network and Virtualization Layer in Cloud Environment," in 2016
Intl. Conference on Advances in Computing, Communications and
Informatics (ICACCI), 2016.
C.-Y. Chiu, C.-T. Yeh and Y.-Y. Lee, "Frequent Pattern based User
Behavior Anomaly Detection for Cloud System," in 2013
Conference on Technologies and Applications of Artificial
Intelligence, 2013.
A. H. Bhat, S. Patra and D. Jena, "Machine Learning Approach for
Intrusion Detection on Cloud Virtual Machines," International
Journal of Application or Innovation in Engineering &
Management (IJAIEM), vol. 2, no. 6, 2013.
c V. Mahalingam, L. Ge, J. Nguyen, W. Yu and C. Lu, "A Cloud
Computing Based Network Monitoring and Threat Detection
System for Critical Infrastructures," Big Data Research, 2015.
J. Shaik, “DDOS Attack and its Mitigation - Simulation in
GNS3,” November 2016. Available at:
https://www.scribd.com/doc/138093092/DDOS-Attack-
Mitigation-SImulation. [Accessed on 09.06.2017]
Wireshark, sniffing tool, Available at: https://www.wireshark.org/,
[Accessed on 09.06.2017]
Dynamips, Available at:
http://www.iteasypass.com/Dynamips.htm [Accessed on
09.06.2017]
Quemu, Available at: http://www.qemu.org/ [Accessed on
09.06.2017]
Cisco, “ASA/PIX 7.x and Later: Mitigating the Network Attacks,”
30 September 2008. Available at:
http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-
series-next-generation-firewalls/100830-asa-pix-netattacks.html.
[Accessed 05.09.2017].