Scenario/Summary

In this lab, you will discover and analyze one of two different real network attacks. This will give you insight into the motivation, vulnerabilities, threats, and countermeasures associated with your selected network attack.

There are two categories of network attacks you will be concerned with this week. The first is a network denial of service (DoS) attack, and the second is a targeted attack on a network device connected to the network. You will also discover the distributed denial of service (DDoS) attack and you may use that one as well. The key difference between a DoS and a DDoS attack is that the DDoS attack is launched towards the target from numerous source locations. A botnet attack is an example of a DDoS attack.

Your goal is to select a specific instance of one type of attack and provide a managerial-style awareness document. Assume that you are delivering your analysis to business or government managers who have a general understanding of network communications.

The reason for the choice of two different attacks is to allow you to select a broad or narrow focus for your work. This will also give you a high probability of discovering a very current attack.

In general, the network denial of service attack may significantly diminish the network’s ability to properly communicate. The result will be a loss of service, such as the inability to access a website’s home page. The DoS attacks have ranged from a large global footprint to a specific target network endpoint. For example, the SQL slammer worm was a global DoS attack, lasting for days and requiring server modifications. In contrast, selected websites were shut down by hacker groups, such as the hacktivist collective Anonymous, requiring support from the ISPs and firewall vendors.

The targeted attack on a network device can result in a DoS as well, but it uses the current network to deliver the destructive payload to the target system. For example, a SQL injection attack’s target is the database server, with the Internet and the corporate network actually delivering the destructive payload to the target. Furthermore, this type of attack may leave the network functional because it uses it to propagate to other devices or uses the victim’s network to launch other attacks.

Deliverables

Document Authoring Guidelines

Each section of your report may require 1–6 sentences to properly address the topic. For example, the attack discovery and resolution dates will be one sentence, whereas the synopsis of the attack will require about six sentences. Your primary goal is to provide the reader valuable information about the attack.

Lab Document Framework

• Name of the attack
• Attack discovery and resolution dates
• Synopsis of the attack
• Vulnerable target(s) for the attack and likely victims
• Probable motivation(s) of the attack
• Probable creators of the attack
• Deployment, propagation, or release strategy of the attack
• Published countermeasures against the attack
• Published recovery techniques used to return to normal operations after the attack
• Recommended incident reporting measures
• Citations and resources used in this report