DoS Attack & Mitigation

2468 Words Apr 11th, 2013 10 Pages
DDoS Attack and its Mitigation – Simulation in GNS3
Summary: A private LAN comprising hundreds of end devices and several servers in a DMZ is protected by a Cisco ASA (firewall). On the internet, the most commonly found network attack is an attempt to take down enterprise resources with a DDoS (Distributed Denial of Service) attack, either on servers (which will impact hundreds of end users) or on network resources such as the routers themselves. In this practical simulation we will analyse how a DoS attack happens on a web server placed in the DMZ from the internet via traffic flooding, and how we can fine-tune the ASA to mitigate and stop further attacks on the network.

Devices used:
a) Attacker PC – Windows XP – Service Pack 3
b) Web server (Simulated in …
h) Let us configure the loopback adapter’s IP address as 20.1.1.100/24, and set the default gateway as 20.1.1.1, as shown in the image below.

https://www.elance.com/s/feroz_sm/ https://www.odesk.com/users/~013128626566145b05

i) The above configuration means that the virtual XP can also be accessed by the IP address 20.1.1.100, and the default gateway, i.e. the router’s interface which connects to the switch, has an IP address of 20.1.1.1.

j) In the next step, we are going to create a topology through which we can simulate the DoS attack. After we create the topology, we have to connect our virtual XP to it. The topology represents the internet cloud, a server placed in the DMZ of a corporate network (in the actual configuration it is placed in the Inside zone) and the attacker PC on the internet (i.e. the virtual XP). Between the internet (outside) and the corporate LAN, we have placed an ASA (Adaptive Security Appliance) version 8.4, which has all the functionalities of a firewall plus features like NAT, routing, VPN, AAA services, etc.; hence it is called a UTM (Unified Threat Management) device. The topology which we are going to use for the DoS simulation is in the image below.


Configuration:
a) Web Server
IP address: 10.1.1.100/24
Zone: Inside
Device: Router c7200 used as a web server.
Running configuration of this device:
version 12.2