
I'm simulating a Ping of Death attack on a server that is providing app services to two computers over a network. I've run tests with one server and with multiple attackers which have been working as expected.

To try and mitigate the effect of the attack, I'm trying to introduce multiple servers which can divide the work, but I cannot get it to work.

I've tried to connect two servers to the router, and also tried to connect the router to a switch, and connect multiple routers to the switch. In each scenario, the same server is always the target of the attack.

I'm a novice to networking and using Opnet, and would appreciate any pointers or answers. Here is the link to the project: https://drive.google.com/drive/folders/134CcMY8C-Cc_032BIjGS8oEiVVH1whxI?usp=sharing

Thank you.

Pepe
  • P.S. If there are any alternative ways to mitigate the attack which would be easy to implement, any advice would be great, thank you. – Pepe Apr 09 '21 at 08:01
  • Modern network stacks have mitigated such attacks, so it may be unlikely that you can actually get the Ping of Death to work. – Ron Maupin Apr 09 '21 at 15:30
  • @RonMaupin I'm just using Ping of Death as an example since it's similar to ICMP, and improving the network to defend against POD should have an effect against ICMP. – Pepe Apr 10 '21 at 01:48
  • Ping uses ICMP, specifically Echo and Echo Reply. ICMP is an integral and required part of IP, and you do not defend against ICMP. – Ron Maupin Apr 10 '21 at 12:03
  • From _[RFC 792, Internet Message Control Protocol](https://tools.ietf.org/html/rfc792)_: "_Occasionally a gateway or destination host will communicate with a source host, for example, to report an error in datagram processing. For such purposes this protocol, the Internet Control Message Protocol (ICMP), is used. ICMP, uses the basic support of IP as if it were a higher level protocol, however, **ICMP is actually an integral part of IP, and must be implemented by every IP module.**_" – Ron Maupin Apr 10 '21 at 12:06
  • @RonMaupin ahh I see, thank you for elaborating that for me, I'm a novice and struggling to find good resources for learning. I'm guessing this means ICMP-based attacks are not very effective nowadays then. I've tried to optimize the network's topology and implemented QoS to mitigate the attack for research purposes, would it be reasonable to assume these changes which have helped against the PoD attack also help against other forms of DDoS attack? – Pepe Apr 11 '21 at 13:54
  • DDoS is something different. You need to ask on [security.se]. – Ron Maupin Apr 11 '21 at 14:38

0 Answers