Turning Legal Website Into Distributed Denial of Service Tools

Silaen, Kalpin Erlanggaa and Soewito, Benfano and Lim, Charles (2016) Turning Legal Website Into Distributed Denial of Service Tools. Masters thesis, Swiss German University.

[img] Text
Kalpin Silaen 22014209 TOC.pdf

Download (1MB)
[img] Text
Kalpin Silaen 22014209 1.pdf
Restricted to Registered users only

Download (875kB)
[img] Text
Kalpin Silaen 22014209 2.pdf
Restricted to Registered users only

Download (2MB)
[img] Text
Kalpin Silaen 22014209 3.pdf
Restricted to Registered users only

Download (1MB)
[img] Text
Kalpin Silaen 22014209 4.pdf
Restricted to Registered users only

Download (10MB)
[img] Text
Kalpin Silaen 22014209 5.pdf
Restricted to Registered users only

Download (408kB)
[img] Text
Kalpin Silaen 22014209 Ref.pdf

Download (1MB)

Abstract

Fast-growing numbers of web applications and users in the Internet not only provide positive benefits such as bigger marketplace for trading and more robust information exchange, but also negative impacts such as the number of DDoS attacks having increased in terms of size and frequency. An attacker can use a legitimate website in the Internet to become their tool to launch attacks to other targeted websites by sending many requests to retrieve content from the victim through this legitimate website. In this thesis, we present the vulnerabilities of legitimate websites such as Social Media, Online Web Translator, and CMS WordPress that can be used by an attacker to launch DDoS attacks toward other sites using HTTP-GETF flood type attack. Our threat analysis shows that applications from the legitimate websites above have a vulnerability which allows us to utilize them as our attack vector. Two different attack simulations, i.e. real world attack simulation and lab experimental simulation,were performed. The results showed that Facebook can attack the victim with a Traffic Bandwidth of almost 5Mbps with a single request; that Google Translator can attack the victim with an average Traffic Bandwidth of 377 Kbps; and that Bing Translator and CMS Wordpress can attack the victim with average Traffic Bandwidth of around 68Kbps with a single request. Attacks from those application saredoneusingHTTP-GET type attacks toward the victim. Our proposed countermeasures for those legitimate websites, as applied in our lab experiments, demonstrated that our countermeasure could successfully prevent HTTP-GETattacksatthesource.

Item Type: Thesis (Masters)
Uncontrolled Keywords: Distributed Denial of Service; Web Application; HTTP-GET Attack; Legal Website
Subjects: T Technology > T Technology (General) > T58.5 Information technology
Divisions: Faculty of Engineering and Information Technology > Department of Information Technology
Depositing User: Atroridho Rizky
Date Deposited: 13 Jul 2020 15:10
Last Modified: 13 Jul 2020 15:10
URI: http://repository.sgu.ac.id/id/eprint/1144

Actions (login required)

View Item View Item