Homework 4: Denial of Service

EECS 388
Intro to Computer Security

Late submissions will be penalized by 10% plus an additional 10% every 5 hours until received.
You may submit one assignment late without this penalty. In either case, late work will not be
accepted after 20 hours past the deadline. If you have a conflict due to travel, interviews, etc.,
please plan accordingly and turn in your homework early.

We encourage you to discuss the problems and your general approach with other students in the
class. However, the answers you turn in must be your own original work, and you are bound by
the Honor Code. Solutions should be submitted electronically via CTools in plain text format by
completing the template at the end of this document.

Concisely answer the following questions. (Limit yourself to at most 80 words per subquestion.)

1. Client puzzles. Denial-of-service (DoS) attacks attempt to overwhelm a server with a huge
volume of requests. Researchers have proposed a defense against DoS attacks called client
puzzles: For each request, the server sends the client a freshly generated random challenge r
and a difficulty parameter n, and the client has to produce a solution s such that HMAC_r(s)
ends in n zero bits. Clients must present a valid solution to receive service.
(a) What is the expected number of HMAC computations for the client to compute the
solution? How many HMAC computations does it take for the server to check the
solution?
(b) Suppose a “unit of work” is equivalent to the difficulty of computing one HMAC. If an
attacker enjoys an amplification factor of 64 (i.e., the attacker can cause the server to
do 64 units of work by expending one unit of work), what should n be to negate this
advantage using client puzzles?
(c) Some denial-of-service attacks employ a large number of malicious clients to overwhelm the server. Briefly, how can the system adjust the puzzles to ensure that legitimate clients receive service during such attacks without requiring them to do excessive
work solving puzzles when the system is not under attack? Hint: think about the scenario in terms of supply and demand.
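
The client-puzzle exchange from Problem 1, as an added example that is not part of the original assignment: the server issues r and n, the client searches for s, and the server checks it. SHA-256 as the HMAC hash, the 8-byte counter encoding of s, and the single-use bookkeeping in the hypothetical PuzzleServer class are assumptions.

```python
import hashlib
import hmac
import os
from itertools import count


def ends_in_zero_bits(digest: bytes, n: int) -> bool:
    """True when the digest, read as a big-endian integer, ends in n zero bits."""
    return int.from_bytes(digest, "big") & ((1 << n) - 1) == 0


def check(r: bytes, n: int, s: bytes) -> bool:
    """Puzzle condition from the text: HMAC keyed with r over s ends in n zero bits."""
    return ends_in_zero_bits(hmac.new(r, s, hashlib.sha256).digest(), n)


def solve(r: bytes, n: int) -> tuple[bytes, int]:
    """Client side: try candidates until one passes; also return the try count."""
    for i in count():
        s = i.to_bytes(8, "big")  # assumed encoding of the candidate s
        if check(r, n, s):
            return s, i + 1


class PuzzleServer:
    """Server side (hypothetical): issues fresh challenges, accepts each at most once."""

    def __init__(self, n: int):
        self.n = n
        self.outstanding: dict[bytes, int] = {}

    def issue(self) -> tuple[bytes, int]:
        r = os.urandom(16)  # freshly generated random challenge
        self.outstanding[r] = self.n
        return r, self.n

    def redeem(self, r: bytes, s: bytes) -> bool:
        # pop() spends the challenge, so an unknown or replayed r is refused
        n = self.outstanding.pop(r, None)
        return n is not None and check(r, n, s)


if __name__ == "__main__":
    server = PuzzleServer(n=12)
    r, n = server.issue()
    s, tries = solve(r, n)
    print(f"n={n}: solved after {tries} HMACs, accepted={server.redeem(r, s)}")
    print(f"replayed solution accepted={server.redeem(r, s)}")
```
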
2. Distributed denial-of-service. A popular attack tool among novice hackers recently has
been the Low Orbit Ion Cannon (LOIC), which features a user-friendly GUI as well as an
option to voluntarily add yourself to a botnet controlled via an IRC channel. We do not
recommend installing or using LOIC!
(a) LOIC is a fairly simple program. The source file at http://goo.gl/iFeHk2 contains the
primary attack mechanism. Briefly, how does this mechanism work?
(b) The LOIC command and control system (“Hive Mind mode”) is also fairly simple.
It is described in the README file at http://goo.gl/mpu9ZU. Briefly, how does this
mechanism work?
(c) Other than client puzzles, what are some things a website could do to defend itself
against a LOIC Hive Mind attack? If the attack involves thousands of bots, how can
the server distinguish them from legitimate clients?
(d) Briefly, what was Operation Payback?
(e) Who is Christopher Wayne Cooper? What was he charged with when he was indicted?
(f) Briefly, compare and contrast LOIC Hive Mind mode to a typical botnet.
(g) Briefly, compare and contrast LOIC Hive Mind mode to a political protest.
Submission Template
Make sure each answer is formatted as a single line, and that the file you submit is in plain text
format. You may use LaTeX-style math syntax if you wish.
# Problem 1
1a. [Answer ...]
1b. [Answer ...]
1c. [Answer ...]
# Problem 2
2a. [Answer ...]
2b. [Answer ...]
2c. [Answer ...]
2d. [Answer ...]
2e. [Answer ...]
2f. [Answer ...]
2g. [Answer ...]