International Journal of Emerging Technology and Advanced Engineering
Website: www.ijetae.com (ISSN 2250-2459, ISO 9001:2008 Certified Journal, Volume 6, Issue 2, February 2016)
A Basic Study of DDoS Attacks Using GENI Testbed
Rinkel Mehto1, Monika Sachdeva2, Daljeet Kaur3
1 M.Tech, Comp. Science & Engg., SBSSTC, Ferozepur, India
2,3 Asso. Prof., Comp. Science & Engg. Department, SBSSTC, Ferozepur, India
Abstract—Distributed Denial of Service (DDoS) is defined as an attack in which multiple compromised systems are made to attack a single target in order to make its services unavailable to legitimate users. It is an attack designed to render a computer or network incapable of providing normal services. A DDoS attack uses many compromised intermediate systems, known as botnets, which are remotely controlled by an attacker to launch the attack. A DDoS attack essentially results in a situation where an entity cannot perform an action for which it is authenticated. The literature evaluates several network research validation techniques, namely simulation, emulation and real-time experiments; of these, emulation is a very promising approach, in which the experiment is performed on the GENI testbed. GENI must provide capabilities to enable a science of security that involves the experimental validation of security-related hypotheses that could not be validated in current testbed settings. The operation of GENI will require careful planning to enable communication among the federated organisations to handle (security and other) problems. In this paper we explore the GENI testbed using Iperf.
Keywords – DDoS, Iperf, GENI, GENI Desktop, Botnets.
I. INTRODUCTION
A distributed denial-of-service (DDoS) attack is one in which a multitude of compromised systems attack a single target, thereby causing denial of service for users of the targeted system. The flood of incoming messages to the target system essentially forces it to shut down, thereby denying service to legitimate users of the system.
DDoS attacks are launched from multiple connected devices that are distributed across the Internet. They are launched from botnets: large clusters of connected devices (e.g., cell phones, PCs or routers) infected with malware that allows remote control by an attacker. DDoS attacks have two goals: first, to overload the server with unwanted traffic, and second, to consume the available bandwidth by generating a large volume of unwanted traffic. [1]
For a better understanding of how DDoS attacks work, let us analyse them from a criminological point of view.
Fig.1. DDoS Attacks
DDoS attacks can be broadly divided into three types:
1. Volume Based Attacks
The goal of these attacks is to saturate the bandwidth of the attacked site, and their magnitude is measured in bits per second (bps). This category includes UDP floods, ICMP floods and other spoofed-packet floods.
ICMP is the language used by computers on the Internet to talk to each other about errors and other status-related issues. ICMP messages are generally considered to be low-priority messages. Some ICMP messages perform an important role; others are less important and can be easily filtered. Generally, the ICMP messages used in a DDoS attack can be easily filtered, although it is easy to blast out large volumes of packets using this protocol because it has no built-in flow control mechanism. [2]
UDP is another way for computers to transfer data, but it is used for data that does not need to be delivered as a reliable stream.
2. Protocol Attacks
This type of attack consumes actual server resources, or those of intermediate communication equipment such as firewalls and load balancers, and is measured in packets per second. It includes SYN floods, fragmented-packet attacks, Ping of Death, Smurf DDoS and more.
3. Application Layer Attacks
An application-level attack is a DDoS attack that overloads an application server, such as by making excessive log-in, database-lookup or search requests. Application DDoS attacks, also called Layer 7 attacks, are harder to detect than other kinds of DDoS attacks, because the connection has already been established and the requests may appear to be from legitimate users. However, once identified, these attacks can be stopped and traced back to a specific source more easily than other types of DDoS attacks.
ICMP ping flood: One of the simplest and oldest methods, this one was used to great effect during the Estonia and Georgia attacks of recent years. Otherwise law-abiding citizens simply typed "ping" and an IP address from their home computers. The combined impact of hundreds of thousands of such simultaneous commands can be enough to disrupt communications with a website. As with many of these types of attack, there are tools to automate this over a large number of infected machines in a botnet.
II. THE DDOS ATTACKS PROBLEM
The definition provided by is the definition of a denial-of-service attack:
“A denial-of-service attack is characterized by an exclusive function of the attack and an explicit attempt by one or more attackers to prevent one or more legitimate users of a service from using that service.”
A denial-of-service attack is characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service. A DDoS attack deploys multiple machines to attain this goal. The service is denied by sending a stream of packets to a victim that either consumes some key resource, thus rendering it unavailable to legitimate clients, or provides the attacker with unlimited access to the victim machine so that he can inflict arbitrary damage. In Figure 2 a "Ping of Death" type DDoS attack is shown.
Fig.2. Type of DDoS Attack e.g. “Ping of Death”
III. THE DDOS ATTACK STRATEGY
In order to perform a distributed denial-of-service attack, the attacker needs to recruit multiple agent (slave) machines. This process is usually performed automatically by scanning remote machines, looking for security holes that would enable subversion. Vulnerable machines are then exploited using the discovered vulnerability to gain access to the machine, and they are infected with the attack code. The exploit/infection phase is also automated, and the infected machines can be used for further recruitment of new agents. [4]
The agent machines perform the attack against the victim. Attackers usually hide the identity of the agent machines during the attack by spoofing the source address field in packets. The agent machines can thus be reused for future attacks.
IV. DDOS ATTACK GOALS
V. NETWORK RESEARCH VALIDATION TECHNIQUES
We have investigated various network research validation techniques, namely simulation, emulation and real-time experiments, that are used to validate DDoS detection methods.
1. Simulation
In the research area of communication and computer networks, simulation is a useful technique. A network simulator is typically a program which runs on a single computer and takes an abstract description of the network traffic as input. Ns2 and Ns3 are network simulators; both are open source. [6]
2. Emulation
Emulation differs from simulation in that a network emulator appears to be a network: end systems such as computers can be attached to the emulator and will behave as if they were attached to a real network. A network emulator emulates the network which connects the end systems; the systems which emulate the end systems are called traffic generators.
3. Real System
A real system provides a real platform for performing your work. Real-time is the more flexible term. PlanetLab and GENI are also real-time experiment testbeds. GENI uses various cross-layer measurement capabilities to perform real-time experiments. [7]
VI. GENI
GENI (Global Environment for Networking Innovation) has a set of network and computer resources which are managed by aggregates that provide real or virtual resources for scalable experiments. GENI is a new network testbed: a nationwide suite of infrastructure supporting research in networking, distributed systems, security and novel applications. [8]
Why should I use GENI?
1. A large-scale experiment infrastructure
2. Non-IP connectivity across resources
3. Deep programmability
4. Reproducibility
5. Instrumentation and measurement tools
GENI allows experimenters to:
1. Connect resources using the Layer 2 topologies in the network best suited to their experiments.
2. Control the network switches in their experiment to handle traffic flows.
3. Run Layer 3 and above protocols by installing protocol software in their compute resources and providing flow controllers for their switches.
Fig.3. GENI Experiment
Resources available to GENI experiments include GENI Racks, regional and national backbone networks and WiMAX base stations. [9]
GENI Key Concepts
1. GENI Project
i. GENI provides a portal for individual researchers. A project is created by a single responsible individual.
ii. A project has many experimenters as its members, and an experimenter may be a member of several projects.
iii. GENI provides a unique account for each researcher.
2. GENI Slice
i. A slice is a container in which you perform multiple experiments, such as building topologies.
ii. Experimenters use only the resources provided to them by the GPO (GENI Project Office).
iii. GENI took the concept of sliceability from the PlanetLab testbed.
3. GENI Aggregates
i. Experimenters may request resources from a GPO aggregate and then add them to a slice.
ii. Each aggregate provides its own resources.
4. GENI RSpecs and GENI AM API
i. A GENI RSpec is a resource specification document that is used to request resources from aggregates.
ii. The AM API is the Aggregate Manager API, which provides the available aggregates back to the experimenter. [11]
GENI Desktop: an extensible web-based GUI providing a windowing system for interacting with GENI tools. It supports single sign-on to all GENI tools.
Goals:
- Support multiple ways to "visualize" a slice.
- Make it easy to apply an operation to a subset of resources within a slice. [12]
Common Requirements:
- Select Resources: Provide a unified well-known way to select resources, regardless of the “view” of the slice.
- Apply Operations: Provide a unified well-known way to apply an operation to a set of resources.
Three types of views:
- Logical View: Provides a logical view of the topology and the links between nodes. Nodes and links can be selected to identify a set of nodes/links.
- Geographic/Map View: Provides a map view of the topology showing the geographic location of the nodes and the links connecting them. Nodes and links can be selected to identify a set of nodes/links.
- List View: A textual list of the nodes and links in a slice. Nodes and links can be selected to identify a set of nodes/links. The list can be filtered (searched) to reduce the number of nodes/links displayed.
Fig.4. GENI Desktop
VII. WHAT IS IPERF?
iPerf3 is a tool for active measurements of the maximum achievable bandwidth on IP networks. It supports tuning of various parameters related to timing, buffers and protocols (TCP, UDP and SCTP, with IPv4 and IPv6). For each test it reports the bandwidth, loss and other parameters. It is a new implementation that shares no code with the original Iperf and is not backwards compatible. [14]
Iperf features:
- TCP
1. Measure bandwidth.
2. Report MSS/MTU size and observed read sizes.
3. Support for TCP window size via socket buffers.
- UDP
1. Client can create UDP streams of a specified bandwidth.
2. Measure packet loss.
3. Multicast capable. [15]
- Client and server can have multiple simultaneous connections. [16]
- Server handles multiple connections, rather than quitting after a single test.
- Print periodic, intermediate bandwidth, jitter and loss reports at specified intervals.
- Run the server as a daemon. [17]
- A server accepts a single client at a time (iPerf3) or multiple clients simultaneously (iPerf2).
- Use representative streams to test how link-layer compression affects your achievable bandwidth.
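As an added example, not taken from the paper or from the Iperf project, the following Python reads the JSON that iperf3 writes with its -J option (the layout assumed here is that of the server-side UDP report, with per-interval bandwidth, jitter and loss as listed above; the sample report is constructed, not captured from a GENI slice) and flags the intervals in which the offered load is close to link capacity while packets are being lost, which is the signature of the volume-based attacks described in Section I when a flood is replayed on an emulated link. The link capacity and the two thresholds are assumed values.

```python
import json

# Constructed sample in the shape of an iperf3 -J server-side UDP report (abridged);
# the numbers are made up for this example, not captured from a GENI slice.
SAMPLE_REPORT = """{
 "start": {"test_start": {"protocol": "UDP", "num_streams": 1, "duration": 4}},
 "intervals": [
  {"sum": {"start": 0, "end": 1, "seconds": 1, "bytes": 1250000, "bits_per_second": 10000000,
           "jitter_ms": 0.20, "lost_packets": 0, "packets": 860, "lost_percent": 0.0}},
  {"sum": {"start": 1, "end": 2, "seconds": 1, "bytes": 11750000, "bits_per_second": 94000000,
           "jitter_ms": 0.85, "lost_packets": 40, "packets": 8100, "lost_percent": 0.49}},
  {"sum": {"start": 2, "end": 3, "seconds": 1, "bytes": 12250000, "bits_per_second": 98000000,
           "jitter_ms": 3.10, "lost_packets": 2300, "packets": 10700, "lost_percent": 21.5}},
  {"sum": {"start": 3, "end": 4, "seconds": 1, "bytes": 1250000, "bits_per_second": 10000000,
           "jitter_ms": 0.25, "lost_packets": 0, "packets": 860, "lost_percent": 0.0}}
 ],
 "end": {"sum": {"seconds": 4, "bytes": 26500000, "bits_per_second": 53000000,
                 "jitter_ms": 1.1, "lost_packets": 2340, "packets": 20520, "lost_percent": 11.4}}
}"""

def flag_saturated_intervals(report_json, link_capacity_bps,
                             utilisation_threshold=0.9, loss_threshold_pct=5.0):
    """Return (summary, flagged): summary is the end-of-test throughput, loss and
    jitter as iperf3 reports them; flagged lists the intervals whose offered load is
    at or above utilisation_threshold of the link capacity AND whose loss is at or
    above loss_threshold_pct, i.e. where the link is saturated rather than just busy.
    Link capacity and thresholds are assumed values chosen by the experimenter."""
    report = json.loads(report_json)
    flagged = []
    for interval in report.get("intervals", []):
        s = interval.get("sum", {})
        bps = float(s.get("bits_per_second", 0.0))
        loss = float(s.get("lost_percent", 0.0))
        if bps / link_capacity_bps >= utilisation_threshold and loss >= loss_threshold_pct:
            flagged.append({"start": s.get("start"), "end": s.get("end"),
                            "mbps": round(bps / 1e6, 1), "lost_percent": loss,
                            "jitter_ms": s.get("jitter_ms")})
    end = report.get("end", {}).get("sum", {})
    summary = {"mean_mbps": round(float(end.get("bits_per_second", 0.0)) / 1e6, 1),
               "lost_percent": float(end.get("lost_percent", 0.0)),
               "jitter_ms": float(end.get("jitter_ms", 0.0))}
    return summary, flagged

if __name__ == "__main__":
    # Assumed 100 Mbit/s link between the two GENI nodes under test.
    overall, saturated = flag_saturated_intervals(SAMPLE_REPORT, link_capacity_bps=100e6)
    print("overall:", overall)
    print("saturated intervals:", saturated)
```

On the constructed report only the third interval (98 Mbit/s with 21.5 % loss) is flagged; the second interval runs at 94 Mbit/s but loses under 1 % of packets, so it is busy rather than saturated.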
REFERENCES
[1] M. J. Reiher, "A taxonomy of DDoS attack and DDoS defense mechanisms," ACM, 2004.
[2] Rajkumar and M. J. Nene, "A Survey on Latest DoS Attacks: Classification and Defense Mechanisms," Department of Computer Engineering, Defense Institute of Advanced Technology, Pune, India.
[3] G. Riley, "Network simulation with ns-3," Institute of Technology Spring Simulation Conference, 2010.
[4] M. J. Hashmi, M. Saxena and R. Saini, "Classification of DDoS Attacks and their Defense Techniques using Intrusion Prevention System."
[5] T. Anderson, "Overcoming the internet," 2015.
[6] K. Ali, "A configurable virtual testbed to generate datasets for offline evaluation of intrusion detection systems," Waterloo, 2009.
[7] J. S. C. Mark Berman, "GENI: A federated testbed for innovative network experiments," ScienceDirect, 2014.
[8] A. Gallgall, "GENI: a new breed of testbed for network innovation," 2006.
[9] S. B. D. K. Ajitpal and Krishan Kumar, "Network research validation using GENI platform," NCCCS, 2015.
[10] L. C. Z. J. J. Duerig and R. Ricci, "Getting started with GENI: A user tutorial."
[11] J. Griffioen and H. Nasir, "Introduction to the GENI Desktop," Laboratory for Advanced Networking, University of Kentucky, Lexing, 2013.
[12] https://www.geni.net/
[13] https://en.wikipedia.org/wiki/Iperf
[14] http://openmaniak.com/iperf.php
[15] https://iperf.fr/
[16] https://www.es.net/assets/Uploads/201007-JTIperf.pdf
[17] http://www.cs.unc.edu/Research/geni/geniEdu/03-TcpTraffic.html
[18] http://lasr.cs.ucla.edu/ddos/ucla_tech_report_020018.pdf
[19] https://www.incapsula.com/ddos/ddos-attacks/