Question

Hi, These question is about flooding attack. I need more detail about it.

1. Provide at least two technology alternatives for addressing the security topic chosen by the team. For each potential technology considered, provide an overview of its operation, availability, cost, implementation issues, and overall benefit to the end-user.
2. Perform an analysis of the candidate technologies. This analysis should include both qualitative and quantitative techniques. Based upon your analysis, select a suitable solution and justify your selection.

Answer 1

Flooding attack, provide at least two technology alternatives for addressing the security topic chosen by the team and overview of its operations, availibility, cost implementation issues and benefits to the end user --

• Flooding attack -- Flodd attack is also kown as denial of service attacks(DoS).
• In the flood attack the attackers send large volume of traffic to system so that the system can not be able to examine and do not allow pwermission to network traffic.
• Firebox protection against these type of flood attacks include --
• IPSec, IKE, ICMP, SYN and UDP.
• Preventing flood attack in default packet handling page, threshold for the allowed number of packets per second for different types of traffic can be specified.
• When the number of packets exceed the specified threshold, then the device start to drop traffic of that type on the interface.
• For example -- If the Drop UDP flood attack threshold is set to 2000, then the device start to drop UDP packets from interface that receive more than 2000 UDP packets per second.
• SIP DoS attacks -- In a craft SIP request that exploits vulnerability in a SIP proxy of target and result complete loss of function.
• The flooding attacks can be classified into the following type --
• Control packets flood -- The attacker flood SIP proxies with SIP packets like invite message and bogus responses. the attacker craft authenticated message that fail authentication message to cause the victim to validate the message.
• Call data Flood -- The attacker flood the target with RTP packets without establishing legtimate RTP session. and attempt to harm processing power.
• Distributed DoS attack -- When attacker gained control of large number of VoIP capable host and formed zombies networks in attackers control