Post

DDoS Attack using Google-bots

Supervisor: Ntalija Vlajic

Recommended Background: CSE 3213 or CSE 3214, CSE 3482

Not long ago, botnets – networks of compromised computers – were seen as the most effective (if not the only) means of conducting Distributed Denial of Service (DDoS) attacks. However, with the growing popularity and prevalence of application-layer over other types of DDoS attacks, the DDoS execution landscape is becoming increasingly more diverse. An especially interesting new trend is the execution of application-layer DDoS attacks by means of skillfully manipulated Web-crawlers, such as Google-bots. The goal of this project is to design, implement and test a real-world framework consisting of the following: a) the attacker’s web-accessible domain specially designed to attract Google-bots and then manipulate them into generating attack traffic towards the target/victim site; b) the victim’s Web site set up in Amazon S3 cloud. In addition to the hands-on component, the project will also look into the statistical/numerical estimation of the framework’s anticipated ‘attack potential’ relative to an actual (real-world) target/victim site.