Network Security: Ping of Death, Smurf Attacks and HTTP Flood Attacks
Information and system security is critical for individuals and organizations. Systems are where all data and vital documentation are stored. For example, a healthcare organization will have information about employees and patients. Managing and storing this data properly is vital to protect each person's privacy. For an individual, it may at times be even more daunting, because if they are not careful about protecting their information, they can become an easy target for predators who are constantly searching for openings across all networks.
There are various attacks that can be performed using ping commands, such as ping of death (PoD), Smurf attacks, and HTTP flood attacks. With a ping-of-death attack, the attacker's goal is to ping a system enough times to crash it, overwhelming the system with so much information that it does not have time to catch up. We can think of this as sending a huge package to a system all at once.
Another type of attack is a Smurf attack. A humorous way to understand this concept is the game called Ding-dong Ditch: a group of children ring a neighbor's doorbell and hide before the person opens the door. Similarly, a Smurf attack requests acknowledgment from a network in the hope that the network will open a port or otherwise make itself vulnerable and become prey. Thousands of requests will be sent to the server, and the server will fail.
Lastly, HTTP flood attacks are described as a flood of overwhelming information on a website. Many of us may have experienced an event when there is a sale on a website or at a store. People will camp out and wait until the designated time and then rush into the store. When the sales are online, consumers will wait for the appointed time and all log in at once. If the company's server is not prepared to receive so many requests simultaneously, it will experience a flood attack.
Another measure to ensure that websites are not bombarded with flood attacks is implementing a CAPTCHA to confirm that users are real.
Email spam and phishing are two security incidents that are familiar to me. Email spam is when malicious emails reach a user's inbox with mysterious or confusing information and an embedded link, luring the user to click on it. Behind this link can lie malware and worms that will infect the user's system. With phishing emails, although they are similar, it is trickier to tell whether they are harmful. Phishing emails disguise themselves as everyday messages but have minor details that give them away. For example, they may use toggle case within some words or omit company logos, while also providing vague links that harm the user's system when clicked.
Computers are vulnerable to the threats discussed, such as phishing, Smurf attacks, and ping of death, because they are not properly protected. To avoid being the subject of these attacks, each individual and organization must ensure they have a well-established security structure. One consequence that can follow a system compromise is missing information and hidden malicious data. For example, if a computer system was hacked and malware was installed, the owner can remove the malware and reinstall the latest update. However, suppose that during that transition a mistake compromised a file and that file was duplicated everywhere; it is as if the system were starting back at zero.
Two recommendations for protecting a network or computer system are implementing an intrusion detection system (IDS) and using blockchain technology. An intrusion detection system is essential because it aims to be vigilant for intruders or attackers trying to sneak into the system. An IDS alerts on, catches, and prevents the attack from moving any further. Without these types of resources, any organization and its network are vulnerable. Another measure to protect a system is blockchain technology. Implementing blockchain technology is beneficial because, with its transparent record-keeping and decentralized design, it can block any bots attacking the system.
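
The HTTP flood described earlier and the IDS recommendation above can be tied together with a small detection rule. The following is an added example, not code from the original post: it counts requests per client in a sliding time window over web server access-log lines and raises an alert when a client exceeds a threshold. The Common Log Format input, the 10-second window, the 20-request threshold, the function names, and the sample IP addresses (documentation ranges) are all assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Assumption: the web server writes Common Log Format lines in time order.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ \S+ [^"]*" \d{3}')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def build_sample_log():
    """Constructed sample: one ordinary visitor and one flooding client."""
    base = datetime(2024, 3, 10, 12, 0, 0, tzinfo=timezone.utc)
    events = []
    for i in range(6):   # ordinary visitor: one request every 5 seconds
        events.append((base + timedelta(seconds=5 * i), "198.51.100.7", "/index.html"))
    for i in range(40):  # flooding client: 10 requests per second for 4 seconds
        events.append((base + timedelta(seconds=10, milliseconds=100 * i), "203.0.113.50", "/sale"))
    events.sort()
    return ['%s - - [%s] "GET %s HTTP/1.1" 200 512' % (ip, ts.strftime(TS_FMT), path)
            for ts, ip, path in events]

def detect_http_flood(lines, window_s=10, max_requests=20):
    """Return {client_ip: time of first alert} for every client that sends
    more than max_requests requests inside any window_s-second window."""
    recent = defaultdict(deque)   # per-client timestamps still inside the window
    alerts = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue              # skip malformed lines instead of crashing
        ip = m.group(1)
        ts = datetime.strptime(m.group(2), TS_FMT)
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() >= window_s:
            q.popleft()           # drop requests that fell out of the window
        if len(q) > max_requests and ip not in alerts:
            alerts[ip] = ts
    return alerts

if __name__ == "__main__":
    for ip, when in detect_http_flood(build_sample_log()).items():
        print("ALERT possible HTTP flood from %s at %s" % (ip, when.isoformat()))
```

A legitimate sale-day rush looks different from this pattern: many distinct clients each stay under the per-client threshold, which is why the rule keys on the source address rather than on total traffic.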