7.3 Consider a distributed variant of the attack we explore in Problem 7.1. Assume the attacker has compromised a number of broadband-connected residential PCs to use as zombie systems. Also assume each such system has an average uplink capacity of 256 kbps. What is the maximum number of 100-byte ICMP echo request packets a single zombie PC can send per second? If the packet size is 1000 bytes? Or 1500 bytes? How many such zombie systems would the attacker need to flood a target organization using a 8-Mbps link? Given reports of botnets composed of many thousands of zombie systems, what can you conclude about their controllers ability to launch DDoS attacks on multiple such organizations simultaneously? Or on a major organization with multiple, much larger network links than we have considered in these problems?

================================================================================================

Problem 7.1.

In order to implement a classic DoS flood attack, the attacker must generate a sufficiently large volume of packets to exceed the capacity of the link to the target organization. Consider an attack using ICMP echo request (ping) packets that are 100 bytes in size (ignoring framing overhead). a. How many of these packets per second must the attacker send to flood a target organization using an 8-Mbps link? Answer:--------- Number of packets sent per second by an attacker using 8-Mbps ===== ====> Capacity of the link / (Number of packets * Number of bits in each byte) Number of bits in each byte = 8 (1 byte is equal to 8bits). Number of packets sent per second by an attacker using 8-Mbps ====== ====> (8*106) / (100*8) ====> 104 ====> 10000 packets

b. How many per second if the packets are 1000 bytes in size? Answer:--------- Number of packets sent per second by an attacker using 8-Mbps ===== ====> Capacity of the link / (Number of packets * Number of bits in each byte) Number of bits in each byte = 8 (1 byte is equal to 8bits). Number of packets sent per second by an attacker using 8-Mbps ====== ====> (8*106) / (1000*8) ====> 103 ====> 1000 packets

Or For, packets of size 1460 bytes, Number of packets sent per second by an attacker using 8-Mbps ===== ====> Capacity of the link / (Number of packets * Number of bits in each byte) Number of bits in each byte = 8 (1 byte is equal to 8bits). Number of packets sent per second by an attacker using 8-Mbps ====== ====> (8*106) / (1460*8) ====> 1000000 / 1480 ====> 684.9 ====> 684 packets