Local DDoS testbed bids to future-proof systems

Queensland University of Technology builds its own sandbox

Researchers at the Queensland University of Technology hope to test and mitigate the risks of a Distributed Denial of Service (DDoS) attack by creating and running their own internal testbed.

The new dosTF testbed, one of the few available globally, uses eight Linux and Windows-based PCs and three VMware servers to create 200 virtual hosts that work in concert to simulate the attacks. The idea is to better understand the global attack methodology and develop protection methods. Each PC is fitted with two Ethernet cards - one for incoming traffic and the other for monitoring - and is monitored by SNMP messaging. Experimental scenarios are recorded in XML format so they can later be documented and potentially replayed for further experimentation.

One of the researchers involved in the project, Desmond Schmidt, told the World Computing Congress 2010 in Brisbane it was vital to conduct the experiments on an internal network, rather than on a live system or the wider internet, in order to better understand the attacks without breaking laws in numerous countries.

A DDoS attack uses several infected computers corralled into a 'botnet' to collaboratively attack and subsequently bring down targeted websites. A recent study conducted by EMC’s security division, RSA, found DDoS attacks could be commissioned or bought for a desired website for an average price of $US50 per attack. Security organisations such as the Australian Computer Emergency Response Team (AusCERT) and the international intelligence firm Cyveillance have both identified the National Broadband Network (NBN) and the general ubiquity of faster access networks and, specifically, faster upload speeds as a potential boon to botnet operators and hackers.

The prevalence of recent DDoS attacks made news when it was discovered copyright protection organisations had contracted India-based software companies to target BitTorrent trackers and search engines believed to be hosting infringing media. Users on the 4chan message board, however, have reportedly used the same tactic against the same companies, launching 'Operation Payback' to collaboratively bring down websites associated with both the contracted software companies and the copyright protection organisations.

Schmidt pointed to existing testbeds which provided similar capabilities, such as DETER at Berkeley University and Emulab at the University of Utah, both of which utilise a system formulated by the latter. Schmidt said existing testbeds posed problems for researchers working in the India-Australia project, however; while they were accessible anywhere in the world, they required remote login and didn’t suit the project’s prospects.

He said the internal testbed was inexpensive to construct and maintain.

Each of the PCs and virtual hosts in the dosTF testbed can be used as an attacker, traffic generator, defender or vulnerable service, all activated via a command line. Targets are also assigned on the network for the attack, while another provides a view of the experiment.

The India-Australia project, which hosts the testbed, is funded by the Indo-Australian Science and Technology Fund and is partly paid for by the Department of Innovation, Industry, Science and Research.

According to Schmidt, the testbed has been successful in two separate denial of service attacks: one makes use of a vulnerability in the Ruby XML parser, while the second sends repeated requests for a service description file on a Glassfish application server. Researchers involved in the project will in future make use of the testbed for testing mitigation against DDoS attacks as well as formulating defence applications. Another project will identify potential vulnerabilities in the IPv6 protocol in the behaviour of SCADA systems.
