1. NET 536 Network Security Lab 1: TCP IP Attacks
Networks and Communication Department
Lab 1: TCP IP Attacks

2. DoS flood attack Question 1
In order to implement the classic DoS flood attack, the attacker must generate a sufficiently large volume of packets to exceed the capacity of the link to the target organization. Consider an attack using ICMP echo request (ping) packets that are 500 bytes in size (ignoring framing overhead). How many of these packets per second must the attacker send to flood a target organization using a 0.5-Mbps link? How many per second if the attacker uses a 2-Mbps link? Or a 10-Mbps link?

3. Answer
NOTE
1 byte (B) = 8 bits (b) 1 Kilobit (Kb) = 2^10= 1024 bits 1 Megabit (Mb) = 2^20=1,048,576 bits 1 Gigabit (Gb) = 2^30= 1,073,741,824 bits
28-Nov-18
Networks and Communication Department

4. Answer
To flood a bandwidth of W bits with packets of length P bits, the attacker would need W/P packets. 1- For W=0.5 Mbit and P=500 byte=(500*8)=4000 bits the attacker would need: W/P= 0.5M/(500*8) = (0.5*2^20)/(4000) = That is, 132 packets per second.
28-Nov-18
Networks and Communication Department

5. Answer
2- For W=2 Mbit and the same P= 500 byte, the attacker would need: W/P=(2*2^20)/ (500*8) = / 4000 = that is 525 packets per second
28-Nov-18
Networks and Communication Department

6. Answer
3- For W=10 Mbit and the same P= 500 byte, the attacker would need:
W/P=(10*2^20)/ (500*8)
= / 4000 =
that is 2622 packets per second..
28-Nov-18
Networks and Communication Department