INTERNET

Database Server

Router ACLs configured

Core Switch

LAB 1

Administration LAN Switch

1. User sends an HTTP Request

2. Webserver s

ends Login page - P

ort 443 (H

TTPS)

NIDS

Network Intrusion Detection System

Only HTTP/HTTPS traffic to the webserver is allowed

Handler

Handler Instructs the DDoS Agents

Compromised Hosts - Zombies

Regular traffic to the registration system

DDoS Attack

4. Registration and payment processed

3. Use

r logs in

to the sy

stem and re

quests re

gistratio

n

Thousands of bogus HTTP requests

Public UniversityWeb-Based Registration and Cashiering SystemInternal DDoS attack IllustrationLOT2 – Marcelo Silva

After being overwhelmed,

the servers become

unavailable

Web Servers

Distributed Denial of Service Attack1. DDoS Agents are deployed to comprised hosts2. Handler instructs the bots to attack3. The Botnet attacks the victim hosts

LAB 2 LAB 3