In this lab, you will discover and analyze one of two different real network attacks. This will give you insight into the
motivation, vulnerabilities, threats, and countermeasures associated with your selected network attack.
There are two categories of network attacks you will be concerned with this week. The first is a network denial of service
(DoS) attack, and the second is a targeted attack on a network device connected to the network. You will also discover the
distributed denial of service (DDoS) attack and you may use that one as well. The key difference between a DoS and a
DDoS attack is that the DDoS attack is launched towards the target from numerous source locations. A botnet attack is an
example of a DDoS attack.
Your goal is to select a specific instance of one type of attack and provide a managerial-style
Assume that you are delivering your analysis to business or government managers who have a general understanding of
The reason for the choice of two different attacks is to allow you to select a broad or narrow focus for your work. This will
also give you a high probability of discovering a very current attack.
In general, the network denial of service attack may significantly diminish the network’s ability to properly communicate.
The result will be a loss of service, such as the inability to access a website’s home page. DoS attacks have ranged
from a large global footprint to a specific target network endpoint. For example, the SQL Slammer worm was a global DoS
attack, lasting for days and requiring server modifications. In contrast, selected websites were shut down by hacker groups,
such as the hacktivist collective Anonymous, requiring support from the ISPs and firewall vendors.
The targeted attack on a network device can result in a DoS as well, but it uses the current network to deliver the
destructive payload to the target system. For example, a SQL injection attack’s target is the database server, with the
Internet and the corporate network actually delivering the destructive payload to the target. Furthermore, this type of attack
may leave the network functional because it uses it to propagate to other devices or uses the victim’s network to launch
Document Authoring Guidelines
Each section of your report may require 1–6 sentences to properly address the topic. For example, the attack discovery and
resolution dates will be one sentence, whereas the synopsis of the attack will require about six sentences. Your primary
goal is to provide the reader valuable information about the attack.
Lab Document Framework
Name of the attack
Attack discovery and resolution dates
Synopsis of the attack
Vulnerable target(s) for the attack and likely victims
Probable motivation(s) of the attack
Probable creators of the attack
Deployment, propagation, or release strategy of the attack
Published countermeasures against the attack
Published recovery techniques used to return to normal operations after the attack
Recommended incident reporting measures
Citations and resources used in this report
Delivering Your Lab Document
Organize your materials into a single comprehensive document. Name your document(s) so that the course ID, your full
name, and this lab’s name are referenced. For example, include SEC572_FirstName_LastName_Lab1 in the file’s name.
Your document must be readable with Microsoft Word 2007 (or prior), or a standard PDF file viewer.
Submit your assignment to the Week 1 Dropbox, located at the top of this page. See the Syllabus section “Due Dates for Assignments & Exams” for due date information. Use the Dropbox comment area to give your instructor an introduction, or to state any special information