Module - 4
1. Describe the mechanism of DNS spoofing. How does it compromise user
confidentiality and trust?
DNS = translates domain names (e.g., bank.com) into IP addresses.
DNS spoofing (DNS cache poisoning) = attacker injects a forged answer so that the
domain resolves to an attacker-controlled IP instead of the real one.
Victim’s browser unknowingly connects to the attacker-controlled site.
Mechanism
Step 1 – User Request:
Victim types a domain name in the browser.
Computer sends a DNS query to a DNS server.
Step 2 – Attacker Intercepts or Forges:
Attacker sends a fake DNS reply that arrives before the real server’s response.
To be accepted, the fake reply must match the outstanding query: same transaction ID,
same source port the resolver used, and same question name/type. An on-path attacker
reads these from the query; an off-path attacker has to guess them.
This fake reply contains the attacker’s IP instead of the real one.
Step 3 – Cache Poisoning:
The resolver (or the victim’s local DNS cache) stores this wrong mapping. When a shared
recursive resolver is poisoned, every client that uses it is affected.
Any future visits to the domain will go to the malicious IP until the record’s TTL expires
or the cache is flushed.
Step 4 – Redirection to Fake Site:
The victim connects to a fake site that looks exactly like the real one.
Caveat: if the real site is HTTPS-only, the attacker cannot present a valid certificate for
the domain, so the browser shows a certificate warning; the attack then depends on plain
HTTP, on the user clicking through the warning, or on the attacker also obtaining a
certificate.
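The race in Steps 2 and 3, as an added Python simulation that is not part of these notes: a toy caching resolver accepts the first reply whose transaction ID and destination port match its outstanding query, and an off-path attacker floods forged answers for every 16-bit transaction ID. The domain bank.example and the addresses 198.51.100.7 (attacker) and 192.0.2.10 (real server) are constructed values. With the resolver always querying from port 53 the flood wins; randomising the source port (as real resolvers do since the Kaminsky attack) adds 16 more bits the attacker must guess, and the flood fails.

```python
import random
import struct


def encode_name(name):
    """Encode a hostname in DNS wire format: length-prefixed labels, terminated by 0."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(txid, name):
    # header: id, flags (RD), qdcount=1, ancount=0, nscount=0, arcount=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", 1, 1)   # type A, class IN


def build_answer(txid, name, ip, ttl=3600):
    """A reply carrying one A record. Whoever controls txid and ip here controls the mapping."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)     # QR, RD, RA; 1 question, 1 answer
    question = encode_name(name) + struct.pack("!HH", 1, 1)
    rdata = bytes(int(octet) for octet in ip.split("."))
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + rdata   # name pointer to offset 12
    return header + question + answer


def parse_answer(pkt):
    """Return (txid, ip, ttl) from a single-answer reply built by build_answer."""
    txid = struct.unpack("!H", pkt[:2])[0]
    i = 12
    while pkt[i] != 0:          # skip the question name
        i += pkt[i] + 1
    i += 1 + 4                  # terminator + qtype/qclass
    i += 2                      # compressed name pointer in the answer
    _rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", pkt[i:i + 10])
    i += 10
    return txid, ".".join(str(b) for b in pkt[i:i + rdlen]), ttl


class StubResolver:
    """Toy caching resolver: accepts the FIRST reply that matches the outstanding query."""

    def __init__(self, random_port=False):
        self.random_port = random_port
        self.cache = {}        # name -> (ip, ttl)
        self.pending = {}      # name -> (txid, source port used for the query)

    def send_query(self, name):
        txid = random.randrange(1 << 16)
        port = random.randrange(1024, 65536) if self.random_port else 53
        self.pending[name] = (txid, port)
        return txid, port, build_query(txid, name)

    def receive(self, name, pkt, dst_port):
        """Deliver a reply addressed to dst_port. Returns True if it was accepted and cached."""
        if name not in self.pending:
            return False
        txid, port = self.pending[name]
        if dst_port != port:
            return False
        rtxid, ip, ttl = parse_answer(pkt)
        if rtxid != txid:
            return False
        self.cache[name] = (ip, ttl)
        del self.pending[name]
        return True


def run_scenario(random_port, name="bank.example", attacker_ip="198.51.100.7", real_ip="192.0.2.10"):
    """Off-path attacker races the real reply by guessing every 16-bit txid toward port 53."""
    resolver = StubResolver(random_port)
    txid, port, _query = resolver.send_query(name)
    poisoned = False
    for guess in range(1 << 16):
        if resolver.receive(name, build_answer(guess, name, attacker_ip), dst_port=53):
            poisoned = True
            break
    # The genuine reply arrives after the flood; it is ignored if the cache is already filled.
    resolver.receive(name, build_answer(txid, name, real_ip), dst_port=port)
    return poisoned, resolver.cache[name][0]


if __name__ == "__main__":
    print("fixed port 53:     ", run_scenario(random_port=False))   # (True, '198.51.100.7')
    print("random source port:", run_scenario(random_port=True))    # (False, '192.0.2.10')
```

The simulation deliberately omits recursion, the bailiwick check and DNSSEC; with DNSSEC validation a forged answer would fail signature verification regardless of how many guesses the attacker sends.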
Techniques Used
ARP Spoofing: Redirects traffic to attacker’s system.
Man-in-the-Middle: Alters DNS replies between victim and server.
Exploiting DNS Server Vulnerabilities: Injecting fake entries.
Rogue DNS Server: Configuring the victim to use a malicious resolver (e.g., via DHCP on a
hostile Wi‑Fi network or by changing router/device DNS settings).
Compromise of Confidentiality & Trust
Theft of sensitive data: Users unknowingly enter usernames, passwords, credit
card details on a fake site.
Phishing attacks: The fake site is visually identical to the real one, tricking the user
into believing it’s genuine.
Malware delivery: Fake websites can automatically download and install malware,
spyware, or keyloggers.
Loss of trust: The victim believes they are communicating with a trusted domain,
but the attacker is actually controlling the communication.
Wider impact: If an organization’s DNS is spoofed, customers may lose
confidence in the security of its services.
2. Demonstrate a simulation of a DoS attack and propose methods for its detection
and mitigation.
DoS = Denial of Service → attacker overloads a target system or network, making it
unavailable to legitimate users.
Achieved by flooding requests or exploiting resource-consuming vulnerabilities.
Simulation of a DoS Attack
Environment:
o Attacker system and victim system on same test network.
o Tools: hping3, LOIC, or custom scripts in a controlled lab.
Steps:
o Set up attacker and victim VMs in isolated environment.
o Identify victim’s IP address.
o Launch a packet flood (e.g., TCP SYN flood: hping3 -S -p 80 --flood --rand-source <victim IP>;
--rand-source forges the source address, so the flood cannot be stopped by blocking one IP).
o Monitor victim’s CPU, memory, and network usage.
o Observe slowdown or service unavailability.
Detection Methods
Abnormal Traffic Volume – Watch for a sudden and unusual increase in traffic to
one port/service (e.g., HTTP on port 80).
Repeated Patterns – Same type of requests coming from the same IP over and
over.
Network Monitoring Tools – Tools like Wireshark or tcpdump can capture and
show traffic spikes or suspicious flows.
Server Log and Connection-State Analysis – Check the server’s connection table (e.g.,
ss -tan state syn-recv on Linux) and web/server logs: many half-open connections (SYN
received, handshake never completed with an ACK) point to a SYN flood.
Intrusion Detection Systems (IDS) – Use IDS like Snort to detect unusual packet
rates and trigger alerts.
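The three detection signals above (a traffic spike, repeated SYNs from one source, SYNs without completed handshakes) run over constructed packet summaries, as an added Python example that is not part of these notes. The summaries imitate tcpdump’s flag notation (S = SYN, S. = SYN-ACK, . = ACK) but are generated by the script rather than captured; the server address 192.0.2.10, the client addresses and the thresholds are assumptions. The sample traffic contains three normal handshakes, then a single-source DoS (one host opening 30 connections it never completes), then a spoofed flood of 150 SYNs from 150 forged sources in one second, so it shows which signal catches which attack.

```python
import re
from collections import Counter

# Constructed packet summaries in tcpdump-like form (not a real capture):
#   "<seconds> <src ip>:<port> > <dst ip>:<port> <flags>"   with S = SYN, S. = SYN-ACK, . = ACK
LINE = re.compile(r"^(\d+\.\d+) (\S+):(\d+) > (\S+):(\d+) (\S+)$")
SERVICE = ("192.0.2.10", 80)          # the protected web server (assumed address)


def parse(lines):
    for line in lines:
        m = LINE.match(line.strip())
        if m:
            ts, src, sp, dst, dp, flags = m.groups()
            yield float(ts), src, int(sp), dst, int(dp), flags


def handshake_stats(lines, window=1.0):
    """Follow every client 4-tuple through SYN -> SYN-ACK -> ACK; count per time window."""
    state = {}                     # (client ip, client port) -> "SYN" | "SYNACK" | "EST"
    syn_per_window, done_per_window, syn_per_src = Counter(), Counter(), Counter()
    for ts, src, sp, dst, dp, flags in parse(lines):
        w = int(ts // window)
        if (dst, dp) == SERVICE and flags == "S":
            state[(src, sp)] = "SYN"
            syn_per_window[w] += 1
            syn_per_src[src] += 1
        elif (src, sp) == SERVICE and flags == "S." and state.get((dst, dp)) == "SYN":
            state[(dst, dp)] = "SYNACK"
        elif (dst, dp) == SERVICE and flags == "." and state.get((src, sp)) == "SYNACK":
            state[(src, sp)] = "EST"
            done_per_window[w] += 1
    half_open_per_src = Counter(src for (src, _), s in state.items() if s != "EST")
    return syn_per_window, done_per_window, syn_per_src, half_open_per_src


def detect(lines, max_syn_per_window=100, max_half_open_per_src=20, min_complete_ratio=0.5):
    """Return a list of (alert type, key, value): a SYN spike, windows where most SYNs never
    complete the handshake, and single sources holding many half-open connections."""
    syn_w, done_w, _syn_src, half_src = handshake_stats(lines)
    alerts = []
    for w, n in sorted(syn_w.items()):
        if n > max_syn_per_window:
            alerts.append(("syn_rate", w, n))
        if n >= 10 and done_w[w] / n < min_complete_ratio:
            alerts.append(("half_open_ratio", w, round(done_w[w] / n, 2)))
    for src, n in sorted(half_src.items()):
        if n > max_half_open_per_src:
            alerts.append(("half_open_source", src, n))
    return alerts


def make_sample():
    """Constructed traffic: normal clients, then a single-source DoS, then a spoofed SYN flood."""
    lines = []
    for i, ip in enumerate(("198.51.100.2", "198.51.100.3", "198.51.100.4")):   # window 0: 3 handshakes
        t, port = 0.1 * i, 50000 + i
        lines += [f"{t:.3f} {ip}:{port} > 192.0.2.10:80 S",
                  f"{t + 0.01:.3f} 192.0.2.10:80 > {ip}:{port} S.",
                  f"{t + 0.02:.3f} {ip}:{port} > 192.0.2.10:80 ."]
    for i in range(30):                                # window 1: one host opens 30 connections, never ACKs
        t, port = 1.0 + 0.02 * i, 40000 + i
        lines += [f"{t:.3f} 203.0.113.9:{port} > 192.0.2.10:80 S",
                  f"{t + 0.005:.3f} 192.0.2.10:80 > 203.0.113.9:{port} S."]
    for i in range(150):                               # window 2: 150 SYNs from 150 forged sources
        lines.append(f"{2.0 + i / 200:.3f} 203.0.113.{i % 254 + 1}:{50000 + i} > 192.0.2.10:80 S")
    return lines


if __name__ == "__main__":
    for alert in detect(make_sample()):
        print(alert)
```

The per-source counter catches the single-source DoS but says nothing about the spoofed flood, where every SYN comes from a different address; that one is only visible in the aggregate rate and in the ratio of SYNs to completed handshakes, which is why a detector for DDoS must look at the service as a whole and not only at individual clients.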
Mitigation Methods
Rate Limiting – Limit how many requests or new connections a single IP can send per second;
effective against a single source, much weaker once traffic is spread across many or spoofed
addresses.
Traffic Filtering – Block or drop malicious IPs at the firewall or router before they
reach the server.
SYN Cookies – The server answers a SYN with a SYN-ACK whose sequence number is a
cryptographic cookie encoding the connection, and allocates no state until a valid ACK
returns; half-open connections therefore cost it nothing and the backlog cannot be
exhausted by a SYN flood.
Load Balancing – Spread incoming requests across multiple servers so no single
server gets overloaded.
Upstream Filtering – Let your ISP or a cloud service like Cloudflare filter bad
traffic before it reaches you.
Regular Patching – Update software to close security holes attackers could use for
DoS.
3. Differentiate between DoS and DDoS attacks. What are the key prevention
techniques used against each?
Feature                  | DoS (Denial of Service)                        | DDoS (Distributed Denial of Service)
-------------------------|------------------------------------------------|-------------------------------------------------------------
Number of attack sources | Single computer or single internet connection  | Multiple compromised devices (botnet) from various locations
Attack complexity        | Simple – usually easy to launch and block      | Complex – coordinated attacks from many sources
Traffic volume           | Lower – limited to one machine’s capacity      | Very high – overwhelming flood of requests
Cost to execute          | Low – minimal resources needed                 | Higher – needs a botnet or many systems
Detection                | Easier – originates from one IP address        | Harder – comes from hundreds/thousands of IPs
Impact on target         | Can slow down or crash a service temporarily   | Can completely shut down large networks or services
Attack duration          | Usually short-lived                            | Can be sustained for hours or days
Tracing source           | Easier to trace and block                      | Very difficult to trace due to multiple sources
Example                  | Sending repeated requests from one PC          | Thousands of infected devices sending traffic at the same time
Prevention difficulty    | Easier – block the attacking IP or connection  | Harder – requires specialized tools and filtering
Prevention Techniques
For DoS Attacks (single source)
Rate Limiting – Limit requests per IP per second to prevent overload.
Traffic Filtering – Block the attacker’s IP at the firewall or router.
SYN Cookies – Stop resource exhaustion during SYN flood attacks.
Server Resource Management – Allocate enough resources to handle unexpected
traffic surges.
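SYN cookies, listed as a mitigation in both question 2 and the DoS list above, as an added Python example that is not part of these notes. It shows the idea rather than the Linux implementation: the server packs a 5-bit time counter, a 2-bit index into a small MSS table and a 25-bit HMAC of the connection 4-tuple into the 32-bit initial sequence number, sends that as the SYN-ACK sequence number, stores nothing, and only allocates connection state when an ACK arrives whose acknowledgement number minus one verifies. The addresses, the bit layout and the per-process secret are assumptions of the example.

```python
import hashlib
import hmac
import os

SECRET = os.urandom(16)                # per-process secret; a real kernel rotates it periodically
MSS_TABLE = (536, 1300, 1440, 1460)    # client MSS is rounded down to one of 4 values (2 bits)
COUNTER_BITS, MSS_BITS = 5, 2
HASH_BITS = 32 - COUNTER_BITS - MSS_BITS
HASH_MASK = (1 << HASH_BITS) - 1


def _mac(src, sport, dst, dport, counter):
    """Truncated HMAC over the 4-tuple and the time counter: the only thing the attacker cannot forge."""
    msg = f"{src}:{sport}>{dst}:{dport}|{counter}".encode()
    digest = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big") & HASH_MASK


def make_cookie(src, sport, dst, dport, mss, now):
    """Initial sequence number encoding the connection: [5-bit time | 2-bit MSS | 25-bit MAC]."""
    counter = (int(now) // 64) & ((1 << COUNTER_BITS) - 1)     # ticks every 64 s
    mss_idx = max((i for i, m in enumerate(MSS_TABLE) if m <= mss), default=0)
    mac = _mac(src, sport, dst, dport, counter)
    return (counter << (MSS_BITS + HASH_BITS)) | (mss_idx << HASH_BITS) | mac


def check_cookie(src, sport, dst, dport, cookie, now):
    """Return the negotiated MSS if the cookie is genuine and fresh, else None."""
    counter = cookie >> (MSS_BITS + HASH_BITS)
    mss_idx = (cookie >> HASH_BITS) & ((1 << MSS_BITS) - 1)
    current = (int(now) // 64) & ((1 << COUNTER_BITS) - 1)
    if (current - counter) % (1 << COUNTER_BITS) > 1:           # older than ~2 minutes: stale
        return None
    expected = _mac(src, sport, dst, dport, counter).to_bytes(4, "big")
    if not hmac.compare_digest((cookie & HASH_MASK).to_bytes(4, "big"), expected):
        return None
    return MSS_TABLE[mss_idx]


class SynCookieServer:
    def __init__(self, ip, port):
        self.ip, self.port = ip, port
        self.connections = {}   # only fully established connections consume memory

    def on_syn(self, src, sport, mss, now):
        """Answer a SYN with a SYN-ACK whose seq is the cookie; nothing is stored for this client."""
        return make_cookie(src, sport, self.ip, self.port, mss, now)

    def on_ack(self, src, sport, ack, now):
        """Third handshake packet: ack = our ISN + 1. Validate it and only now allocate state."""
        mss = check_cookie(src, sport, self.ip, self.port, (ack - 1) & 0xFFFFFFFF, now)
        if mss is None:
            return False
        self.connections[(src, sport)] = {"mss": mss}
        return True


if __name__ == "__main__":
    server = SynCookieServer("192.0.2.10", 80)
    for i in range(10000):                                       # a spoofed SYN flood
        server.on_syn(f"203.0.113.{i % 254 + 1}", 1024 + i, 1460, now=1000)
    print("state held after 10000 SYNs:", len(server.connections))          # 0
    isn = server.on_syn("198.51.100.2", 40000, 1460, now=1000)             # a real client
    print("real client accepted:", server.on_ack("198.51.100.2", 40000, isn + 1, now=1001))
```

The price of statelessness is visible in the code: options carried in the SYN (window scale, SACK permitted) have no room in the cookie and are lost, and the MSS survives only in rounded form, which is why production stacks enable cookies only once the SYN backlog overflows (net.ipv4.tcp_syncookies=1 on Linux) and recover the remaining options from the TCP timestamp when available.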
For DDoS Attacks (multiple sources)
Load Balancing – Spread traffic across multiple servers so no single server gets
overwhelmed.
Upstream Filtering – Use ISP or cloud services like Cloudflare/Akamai to filter bad
traffic before it reaches your network.
Intrusion Detection & Prevention Systems (IDS/IPS) – Monitor and block malicious
traffic patterns in real time.
Geo-Blocking – Temporarily block traffic from regions not relevant to your business if
the attack originates from there.
Content Delivery Network (CDN) – Distribute content across multiple global servers
to reduce the load on your main server.
4. Demonstrate a password cracking technique using a dictionary attack and discuss
its effectiveness.
Passwords are a common method of authentication for protecting accounts and systems.
Attackers often try to guess or “crack” passwords to gain unauthorized access.
Dictionary Attack is one of the simplest but effective password cracking methods.
Dictionary Attack: A technique where an attacker uses a predefined list of possible
passwords (a "dictionary") and tries each one until the correct password is found.
The dictionary can be:
o A list of common passwords.
o Words from a language dictionary.
o Modified words with numbers/symbols.
How Dictionary Attack Works
Step 1: Attacker obtains a password hash (offline attack) or has access to the login
interface (online attack).
Step 2: Loads a wordlist (dictionary file) into the cracking tool (e.g., John the Ripper or
hashcat for hashes, Hydra for logins), often with mangling rules that generate variants of
each word (capitalisation, appended digits, leet substitutions).
Step 3: The tool tests each candidate as a password:
o If working against a hash → each candidate is hashed (with the victim’s salt, if any)
and compared to the stolen hash.
o If working against a login → each candidate is submitted as a login attempt.
Step 4: Stops when the correct password is found or list is exhausted.
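The offline variant of Steps 1–4, as an added Python example that is not part of these notes. The defender stores PBKDF2-HMAC-SHA256 hashes with a per-user salt and an iteration count; the attacker hashes every candidate from a wordlist, expanded by a few mangling rules, with the victim’s salt and compares. The seven-word wordlist, the two user accounts and their passwords are constructed stand-ins (a real run would use rockyou.txt and hashcat’s rule files); the iteration count is kept low so the demo runs quickly.

```python
import hashlib
import os
from itertools import chain

# Constructed stand-in for a real wordlist such as rockyou.txt (a few entries only).
WORDLIST = ["123456", "password", "qwerty", "letmein", "dragon", "summer", "welcome"]


def mangle(word):
    """A small rule set: the bare word, capitalised, common suffixes, and leet-speak."""
    yield word
    yield word.capitalize()
    for suffix in ("1", "123", "!", "2024"):
        yield word + suffix
        yield word.capitalize() + suffix
    yield word.replace("a", "@").replace("o", "0")


def hash_password(password, salt, iterations):
    """What the defender stores: PBKDF2-HMAC-SHA256 with a per-user salt and a work factor."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def crack(target_hash, salt, iterations, wordlist=WORDLIST):
    """Offline dictionary attack: hash each candidate with the victim's salt and compare.
    Returns (password or None, number of candidates tried)."""
    tried = 0
    for candidate in chain.from_iterable(mangle(w) for w in wordlist):
        tried += 1
        if hash_password(candidate, salt, iterations) == target_hash:
            return candidate, tried
    return None, tried


def demo(iterations=1000):
    """Two stolen hashes: a mangled dictionary word and a random password (constructed)."""
    results = {}
    for user, pw in (("alice", "Summer2024"), ("bob", "x7#Qz9!pLw2")):
        salt = os.urandom(16)                       # per-user salt: no shared precomputed table
        stored = hash_password(pw, salt, iterations)
        results[user] = crack(stored, salt, iterations)
    return results


if __name__ == "__main__":
    for user, (found, tried) in demo().items():
        print(f"{user}: {'cracked: ' + found if found else 'not in wordlist'} after {tried} candidates")
```

Two things the numbers show: the mangling rules matter more than the raw wordlist (Summer2024 is never in the list, but a rule produces it), and the cost of the attack is candidates × iterations, so every guess against a hash with 600,000 PBKDF2 iterations, or bcrypt/Argon2 at comparable settings, costs the attacker hundreds of thousands of times more than a guess against an unsalted SHA-256 hash, while the salt forces that work to be repeated per user.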
Effectiveness
Advantages:
o Fast compared to brute-force because it tries only likely passwords.
o Works well against weak passwords (e.g., “123456”, “password”, “qwerty”).
Limitations:
o Fails if the password is long and random, or simply absent from the wordlist and its
mangling rules.
o Online attacks (against a login form) are slowed or stopped by account lockouts and
rate limits; offline attacks against a stolen hash are not, and run as fast as the
attacker’s hardware and the hash function’s cost allow.
Time Taken:
o Depends on dictionary size and system speed.
o Small list → seconds; large, complex list → hours or days.
Prevention Against Dictionary Attacks
Use Strong Passwords – Make them long (a passphrase or a random string) and mix uppercase,
lowercase, numbers, and special characters; avoid dictionary words and predictable
substitutions (P@ssw0rd is in every wordlist).
Account Lockout Policy – Temporarily block login after a few failed attempts.
Password Hashing & Salting – Store only a salted, slow hash (bcrypt, scrypt, Argon2, or
PBKDF2 with a high iteration count), so stolen hashes must be cracked one user at a time
and every guess is expensive.
Multi-Factor Authentication (MFA) – Require an extra step beyond the password.
Password Managers – Help create and store long, random passwords.
5. Define phishing and malware. Discuss the social engineering techniques involved
in phishing.
Phishing
Phishing is a cyberattack based on deception.
In this attack, the attacker pretends to be a trusted person or organization (like a bank,
government agency, or popular company).
The aim is to trick the victim into revealing sensitive information such as:
o Username and password,
o Credit card numbers,
o Bank details,
o Personal identity information.
Methods of phishing:
o Fake emails (most common),
o Spoofed websites that look like real ones,
o SMS messages with malicious links (smishing),
o Phone calls pretending to be customer support (vishing).
Example: A fake email claiming to be from your bank, asking you to click a link and
“verify” your login details.
Malware
Malware stands for malicious software.
It is any program designed to harm, disrupt, or steal information from a computer
system.
Malware can:
o Damage files or operating systems.
o Steal confidential data.
o Allow hackers to gain unauthorized control over devices.
Types of Malware:
o Viruses – attach to files and spread when files are shared.
o Worms – self-replicating and spread over networks.
o Trojans – look like safe software but contain hidden malicious code.
o Ransomware – encrypts files and demands payment.
o Spyware – secretly monitors user activity and steals data.
o Adware – shows unwanted ads, sometimes used to deliver more malware.
How it spreads:
o Infected email attachments,
o Malicious downloads,
o Compromised websites,
o USB/removable drives.
Social Engineering Techniques in Phishing
Phishing attacks are successful because they exploit human psychology, not just
technical flaws.
Impersonation of Trusted Sources
o Attackers copy the identity of well-known companies, banks, or colleagues.
o Victims trust the name/logo and fall for the request.
o Example: Fake “PayPal” email asking to confirm account details.
Urgency and Fear Tactics
o Attacker creates panic so the victim reacts quickly without thinking.
o Example: “Your account will be locked in 24 hours unless you act now.”
Authority Influence
o Attackers pose as authority figures (bank manager, IT administrator,
government officer).
o Victims obey because they believe it’s a higher authority.
Emotional Manipulation
o Attackers use sympathy, greed, or fear.
o Example: Fake charity donation link after a natural disaster, or a lottery win
mail.
Fake Websites (Spoofing)
o Look-alike websites with similar names/URLs (typos such as paypa1.com, extra words such
as paypal-secure, a brand used as a subdomain, or look-alike characters such as a
Cyrillic “а” in place of the Latin “a”) and a design identical to the original.
o Victims type credentials on the fake site, which are captured by attackers.
Personalization (Spear Phishing)
o Targeted phishing tailored to a specific person or organization.
o Attackers use personal details (name, designation, recent activities) to make
the message look genuine.
o These details are often collected from social media or leaked databases.
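A check for the look-alike domains described under “Fake Websites (Spoofing)”, as an added Python example that is not part of these notes. Given an allow-list of trusted domains (the three entries are assumed), it decodes punycode labels, maps a small set of confusable characters onto their Latin look-alikes, and then classifies a hostname as ok, homoglyph (identical once confusables are mapped), typosquat (one edit away), brand_in_host (the brand name used as a subdomain or with extra words) or unknown. The confusables table is a tiny subset of the Unicode one, and the registrable-domain logic takes the last two labels rather than consulting the Public Suffix List, both deliberate simplifications.

```python
import unicodedata

# Assumed allow-list of domains the organisation trusts (example values).
TRUSTED = ("paypal.com", "bank.example", "google.com")

# Characters commonly substituted for Latin letters in look-alike names: a small subset of
# the Unicode confusables data plus two ASCII tricks.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0455": "s", "\u0456": "i", "\u04cf": "l",
    "1": "l", "0": "o", "rn": "m", "vv": "w",
}


def to_unicode(host):
    """Decode punycode labels (xn--...) so that IDN look-alikes can be compared by appearance."""
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host            # already Unicode


def skeleton(host):
    """Lower-case, NFKC-normalise and replace confusables: what the name LOOKS like."""
    s = unicodedata.normalize("NFKC", to_unicode(host)).lower()
    for lookalike, plain in CONFUSABLES.items():
        s = s.replace(lookalike, plain)
    return s


def registrable(host):
    """Last two labels. Naive: a real check uses the Public Suffix List (co.uk etc.)."""
    return ".".join(host.rstrip(".").split(".")[-2:])


def levenshtein(a, b):
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(host, trusted=TRUSTED):
    """Return (verdict, matched trusted domain or the host's registrable domain)."""
    raw = registrable(to_unicode(host).lower())
    if raw in trusted:
        return "ok", raw
    sk = registrable(skeleton(host))
    if sk in trusted:
        return "homoglyph", sk                      # identical once confusables are mapped
    for t in trusted:
        if levenshtein(sk, t) <= 1:
            return "typosquat", t
    for t in trusted:
        brand = t.split(".")[0]
        if brand in skeleton(host):
            return "brand_in_host", t               # brand as a subdomain or with extra words
    return "unknown", raw


if __name__ == "__main__":
    for h in ("www.paypal.com", "paypa1.com", "xn--pypal-4ve.com", "paypai.com",
              "paypal.com.login.example", "github.com"):
        print(f"{h:28} -> {classify(h)}")
```

Such a check belongs in a mail gateway or browser extension rather than in the user’s head; note that it flags only names resembling the allow-list, so an unrelated but convincing domain still comes back as unknown, which is why MFA and certificate checks remain necessary.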