Auditing, Monitoring, and Detecting of Dos or DDoS Attacks A Dos (denial of service attack) is an attempt to make network or machine resources non-available to legitimate users. Attackers use the Dos to accomplish their goals by flooding the target resources or machines with the superfluous requests or useless packets to overload the systems and prevent users to fulfill their legitimate requests. When Dos originates from a single network or host node, it is termed a Dos attack, however, a distributed Dos is a more serious attack that attempts to consume computer resources to prevent the system from providing services. A DDoS occurs when there are multiple sources of attacks and often come from thousands of unique IP addresses. However, the rates of the DDoS have increased in the last few years, and criminals target high profile servers such as credit card payment gateways, banks other big corporations to achieve their criminal goals. An intruder may consume the disk's place by sending excessive email messages to create errors in the systems. Intruders can also implant a zombie software on the target websites to achieve direct Dos attack objectives. Often, the DDoS attacks may consist of two -level approach that include master zombies and slave zombies, where the master zombie uses the slave zombies to a create vulnerabilities across network resources using the malicious code to infect the distributed machines. The attackers can also use the malware to alter the system configuration to provoke the Dos attack. (Jain, Jain, & Gupta, 2011). When an attacker infects the target machine with malware or zombie software, the software will run on a large number of target machines.

Another attacking strategy is by scanning the machine with the zombie software to detect the vulnerable machines, launching the internet traffic through the infected machines. (Stallings, 2013). While web services provide critical functionalities to businesses, however, the Dos might inflict several damages to web services, which may lead to reputation and financial losses. Different research articles focus on the Dos or DDoS attacks, their preventions, detections, and mitigations. (Han, Shen, Duong, et al. 2014, Oliveira, Laranjeiro, & Vieira, 2015).

The objective of this paper is to analyze the main threats and attacks on TCP/IP protocols and the affect networks. Moreover, the study assesses the main attacks and threats on the wired and wireless networks from inside and outside an organization. The study discusses the current penetration testing tools, techniques, and procedures.

Detection, Prevention, and Mitigating Dos Attacks

The TCP/IP protocols are tools that assist in enhancing communication across the internet. The TCP/IP also provides a wide array of functionalities consisting of network layers, transport layers, link layers, and application layer. However, the TCP/IP have been a target of attacks in the contemporary business environment, and the Dos or DDoS attacks are major attacks on TCP/IP. (Steinke, Tundrea, & Kelly, 2011). A Dos attack can make the application layer of the TCP/IP unable to process requests because the attacks will make the server get swarmed by useless packets. Moreover, the attacker can target the TCP/IP network layer making the network system to slow down or drop packets and make the network unusable for the users. The study reviews three articles to demonstrate methods for preventing detecting and mitigating Dos and DDoS Distributed.

"Dos attack detection and mitigation utilizing Cross-Layer Design. Ad Hoc Networks." (Soryal, & Saadawi, 2014 p 71).

Soryal, & Saadawi, (2014) in their research article provide a comprehensive review on the detections and mitigation of Dos attacks using the cross layer designs. This study chooses the article for a review because the authors develop different algorithms for the Dos detections and mitigations, which can be applicable in the IT and business environments. Soryal, & Saadawi, (2014) argue that the Dos attack has become more...

The authors point out that attackers can carry out the Dos attacks in the wireless networks using different methods disguising themselves as legitimate users, follow and control the data packets, and make all the innocent nodes in the systems to consider them as legitimate nodes. Soryal, & Saadawi, (2014) develop Dos detection and migration algorithms to deceive attackers to let them falsely believe that they are still disrupting the network systems. The detection algorithms consist of IEEE 802.11 IDC (Distributed Coordination Function) standards that can be used to perform the Dos detection combined with modification of "IEEE 802.11 MAC layer code." (Soryal, & Saadawi, 2014 p 78). The detection strategy uses the algorithms technique to modify the MAC layer firmware to assist each node in the system to detect the Dos attack utilizing MAC (Medium Access Control) layer to identify the attackers.
The mitigating process is the next step after detecting the Dos attacks. The mitigating module intervenes and starts changing the communication channels based on the PSS (Pre-Shared-Sequence). (Soryal, & Saadawi, 2014). The mitigation algorithms force all the nodes in the systems to change the communication systems to the safe channels. After all the nodes have resumed in the safe channels, the next step is to send the ACT and CTS packets to deceive the attackers into thinking that they are causing damages in the systems. The authors argue that the detection, prevention, and mitigating algorithms can be applied to the commercial wireless routers and other wireless devices such as laptops and smartphones. The strategies can provide an extra layer of security against Dos attacks. Moreover, the algorithms are compatible with IEEE 802.11 standards. The algorithms also allow the trusted users to join the wireless network without a fear of Dos attacks.

"Chapter XXXI Denial-of-Service (Dos) Attacks: Prevention, Intrusion Detection, and Mitigation. IRMA-International.org." (Disterer, Alles, & Hervatin, 2008 p 1).

Disterer, Alles, & Hervatin, (2008) in their research article discuss the strategy that can be employed in detecting, preventing and mitigating Dos attack. The authors argue that Dos attacks have become major threats in a business environment, and the goal of the attack on websites is to block legitimate users from accessing the network services. A method employed to harm websites is by manipulating the target servers or target networks preventing them from performing the legitimate functions and ultimately shut down the network resources. The attackers can also attempt to deplete the resources that include memory, bandwidth, and processing capacity.

Disterer, Alles, & Hervatin, (2008) argue that detection, prevention, mitigation are the strategies against the Dos attacks. The prevention strategies are as follows: First, users should encrypt communication, and data transmitted through Telnet, SMTP, and FTP to prevent unauthorized access to data. Since unencrypted data are sent in a clear text, attackers can take this advantage to installing the malicious code in the systems. Moreover, attackers can spy the users' passwords using the sniffer or malicious code to get access to the passwords. However, the attacks can be prevented using the Secure SSH and FTP. A system administrator can also reduce the threat of DDoS attacks by installing updates constantly because the installation of new updates is necessary to prevent potential attackers taking advantages of security loopholes and install the malicious code in the systems.

Disterer, Alles, & Hervatin, (2008) also recommend that network administrators should scan the corporate networks to detect eventual security holes. The intrusion detection system is also very important to minimize loss, and corporate organizations should monitor their systems to detect eventual intrusion. The corporate administrator should constantly scan their network traffics to detect the anomalies in the hosts. The host-based IDS (intrusion detection system) should be also carried out to analyze the system log files. Moreover, the sniffer software should be installed on the network device such as firewalls, routers, web servers, and load balancers to prevent unwanted traffic in the system.

Disterer, Alles, & Hervatin, (2008) recommends different mitigation strategies for the routers, web servers, and workstations against the Dos attacks. The system administrator should configure the wed servers to discard the SYN requests to filter out the unwanted traffics. Moreover, the administrator should add additional…