Distributed Denial of Service

Linux, SNORT (Intrusion Detection System), botnet-based DDoS attack: testbed for thesis artefact
===============================

Thesis artefact

The aim of this assessment is to come up with a new and effective detection method against botnet DDoS (Distributed Denial of Service) attacks by building a testbed.

The objectives to achieve this aim:

Use Harvard referencing

This thesis artefact is flexible in the sense that the helper can use any other tools to accomplish the task as long as the result matches the aim, but please let me know how he/she is going to do it.

We can use VirtualBox or any other software that allows us to accomplish the following objectives:

1) Use a Linux server running the SNORT IDS for network packet monitoring. SNORT should monitor packets such as UDP, HTTP, and port traffic, and output the captured packet logs in human-readable form (maybe MySQL, OSSIM or any other convenient software).

2) Use another server, which can be anything such as Windows XP or Linux, acting as a botnet (any botnet as long as it is not older than 4 years) that launches a DDoS attack against the Linux server.

The Linux server that is running SNORT should be configured with new, unique, customized rules (perhaps 2 or 3 rules) that show how effectively it detects botnet-based DDoS bandwidth attacks.

SNORT should send alert messages to the Linux server in the form of e-mail whenever there is a possible botnet-based DDoS attack. The e-mail alerts should be triggered by the new, unique, customized rules (perhaps 2 or 3 rules). These rules are configured for botnet-based DDoS attack detection.

We need to write a short introduction about this artefact.

A short description of the tools that are used to produce this thesis report.

Provide screenshots in the body of the report where relevant (for example, alerting e-mail messages, and network packet captures under normal operation and under a botnet-based DDoS attack).

We need to present the report showing how effective the new, customized SNORT rules are at detecting a botnet-based DDoS attack in comparison to SNORT's normally configured rules.

We need to include screenshots of the SNORT installation and of the other tools' commands used to produce this thesis artefact in an appendix.

When customizing the new and unique SNORT rules, they should be easy for normal users to understand. Each element used in the new SNORT rules should be explained. The header and body of each new, customized SNORT rule should contain the type of botnet DDoS it detects, the time, and any other relevant information.
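As an illustration of the rule header and body described above, here is an added sketch of two rate-based rules in Snort 2.9 syntax; it is not part of the original brief. The SIDs, message texts, counts and time windows are constructed assumptions that would have to be tuned against the testbed's normal-traffic baseline.

```snort
# local.rules (added example; thresholds, SIDs and messages are assumptions)
#
# Rule header:  action  proto  src-net  src-port  ->  dst-net  dst-port
#   alert          generate an alert and log the packet
#   udp / tcp      protocol the rule applies to
#   $EXTERNAL_NET  any source outside the protected network
#   $HOME_NET      the monitored Linux server / network (set in snort.conf)
#
# Rule body (options in parentheses):
#   msg               text shown in the alert; names the DDoS type detected
#   flow              only match client-to-server traffic on established sessions
#   content + http_method  match the HTTP request method
#   detection_filter  rate condition: the rule fires only after more than
#                     `count` matching packets within `seconds`
#   track by_dst      count per destination, so many bots each sending a
#                     little traffic still add up to one total
#   classtype         alert category and default priority
#   sid / rev         unique rule id (local rules use 1000000 and above)
#                     and revision number

# 1) UDP bandwidth flood aimed at the server
alert udp $EXTERNAL_NET any -> $HOME_NET any (msg:"LOCAL DDoS possible botnet UDP flood (more than 1000 packets in 5s to one host)"; detection_filter:track by_dst, count 1000, seconds 5; classtype:attempted-dos; sid:1000001; rev:1;)

# 2) HTTP GET flood aimed at the web server
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"LOCAL DDoS possible botnet HTTP GET flood (more than 300 requests in 10s to one host)"; flow:to_server,established; content:"GET"; http_method; detection_filter:track by_dst, count 300, seconds 10; classtype:attempted-dos; sid:1000002; rev:1;)

# threshold.conf: once a rule is over its rate, every further matching packet
# would alert. Limit each rule to one alert per destination per minute so the
# e-mail notifications stay readable.
event_filter gen_id 1, sig_id 1000001, type limit, track by_dst, count 1, seconds 60
event_filter gen_id 1, sig_id 1000002, type limit, track by_dst, count 1, seconds 60
```

The alert timestamp is added by Snort's output plugin rather than by the rule itself, so the time of detection appears in the alert log next to the `msg` text.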

Analysis of the SNORT detection results.

In conclusion, we can provide an analytical discussion of what type of botnet DDoS the new SNORT rules are able to detect, and what their strengths and limitations are in comparison to any other tools that detect botnet-based DDoS attacks.