TUT was under a DDoS Attack!

By: Markku Vajaranta (@tut.fi), Joona Kannisto (@tut.fi) and Jarmo Harju (@tut.fi)

Records recently taken by TUTCyberLabs personnel show that TUT was under a very large DDoS attack on the 4th of November. But oh, wait! Is it real? The picture below shows the traffic flowing from other countries to Finland, and more specifically to TUT's network. Every single white line represents a network connection, and they all point to TUT. Luckily, this was just a demo session run in TUTCyberLabs. Yet it could happen in real life, which would cause quite a headache for unprepared IT administrators. So how can one simulate such attacks to practice defenses?

The software that displays the connections for a specific time period is Clarified Analyzer, from the Finnish cyber security company Codenomicon Oy. It is a situational awareness tool: in other words, it displays what is currently going on in the network. It makes it possible to monitor and troubleshoot networks in real time. One can also see from the history what was going on in the network during a specific time range. The tool displays information such as source and destination hosts, ports and the protocols used. Furthermore, the data can be exported and inspected in more depth using Wireshark.

Massive DDoS attack visualization

Generating large-scale network attacks requires special tooling. TUTCyberLabs and the load testing equipment vendor Rugged Tooling Oy began a collaboration to improve cyber security earlier this year. TUTCyberLabs contains a network packet generator called Ruge. Ruge is designed to craft massive amounts of network traffic, and the whole protocol layer is freely modifiable. Ruge also supports stateful traffic generation, which enables, for example, attacking services after the TCP 3-way handshake.

Courses related to information security often include laboratory exercises that take place in TUTCyberLabs. These courses include, e.g., Computer and Network Security, and Security in Networks. When the lab is not reserved by any course, it is available for research-related tasks to all personnel of the Pervasive department. In addition to stress testing, the laboratory can be used in many different scenarios.

Are you interested? Come and take a look at the lab, TC240, on the 8th of December around 2 pm. There will be coffee, munkki, nice hardware and very likely discussion on possible research scenarios. Welcome!
