Perform a NTP DDoS attack in your own virtual network. To attempt the attack, you should first try the Ping flooding DDoS attack, setting up the eight nodes as per the ping attack instructions (the step of Ping to Entire Network using Directed Broadcast is not necessary). Then using the same nodes/setup, perform a NTP DDoS attack. Follow the NTP attack instructions to setup the NTP servers and start the attack with ntprepeat.
You must perform the attacks inside a virtual network using virtnet. You should already have this setup from previous homeworks. The attacks require 8 nodes, which may about 1.2GB of RAM. If your computer only has 2GB of RAM, then it may not be possible to create and run the 8 nodes. I suggest using a computer with at least 4GB of RAM. You may use the Apple iMACs in the 3rd floor IT Lab (they have 8GB of RAM). They already have virtnet installed, so you should be able to immediately create the topology.
The NTP DDoS attack is an amplification attack. Therefore in your attack you should try to amplify the data sent to the target as much as possible within the given topology (that is, if the malicious node sends 10 kb/s but the target receives 50 kb/s, then the data has been amplified by a factor of 5). Don't use broadcast - use the ntprepeat script I provide.
Although you may discuss and work with others in understanding and setting up the attack, try to do the attack yourself. To measure how good the attack is, you need to measure the data being generated by the malicious node and the data arriving at the bottleneck link. Specifically, the incoming rate in kbit/sec to eth1 on node 2 and the incoming rate in kbit/sec to eth1 on node 7. You can measure these values by running iptraf on both node 2 and node 7 - select Detailed interface statistics and then interface eth1. Look at the Incoming rates value.
Submission is a single image (PNG or JPG) which is a screenshot showing iptraf running on both node 2 and node 7. The screenshot should be taken when the attack is running and should show the typical rates you observe during the attack (i.e. if the attack runs for 60 seconds, then take the screenshot after about 30 seconds). An example is below, where you can see iptraf running on both node 2 and node 7. Node 2 is receiving 15.0 kb/s from the malicious node, while node 7 is receiving 36.7 kb/s from reflectors to be sent to the target.
I may give a reward to those that produce impressive results.
I've collected the results from all those submitted and summarised in the table below. Focus on the TxRate (generated by malicious node 1) and RxRate (received at router to targets network). The NTP attack is an amplification attack - the last column shows the ratio of RxRate to TxRate, in descending order. One the results from my own test is included (screenshot is below). The top two results, by Kraisaek and Noppawat, are amazing (so amazing that I doubt they are accurate). If those two students can successfully explain how they got such high amplification to me then the are worthy of a reward. Later I will explain how I increased the amplification.
| Name | PacketsSent | BytesSent | TxRate | TxSize | PacketsRcvd | BytesRcvd | RxRate | RXSize | Amplification |
| Kraisaek | 12261 | 2697420 | 6.7 | 220 | 11521 | 3995028 | 60.8 | 347 | 9.1 |
| Noppawat | 1864 | 410080 | 7.1 | 220 | 1368 | 476064 | 57.3 | 348 | 8.1 |
| Steve | 656 | 144320 | 73.5 | 220 | 1316 | 438336 | 216.4 | 333 | 2.9 |
| Pattapon | 402 | 88134 | 21.3 | 219 | 402 | 129734 | 53.4 | 323 | 2.5 |
| Wanrudee | 10161 | 2235420 | 38.9 | 220 | 9421 | 3264228 | 86.9 | 346 | 2.2 |
| Peangthan | 2084 | 458480 | 25.5 | 220 | 1284 | 462240 | 53.2 | 360 | 2.1 |
| Suchatit | 27490 | 6046862 | 73.4 | 220 | 992 | 464256 | 150.4 | 468 | 2 |
| Phannapat | 2159 | 474980 | 74.5 | 220 | 1757 | 822276 | 151.9 | 468 | 2 |
| Tanawit | 364 | 80080 | 11.6 | 220 | 364 | 144144 | 23.6 | 396 | 2 |
| Warisa | 324 | 71280 | 52.4 | 220 | 356 | 121752 | 96.2 | 342 | 1.8 |
| Nutdanai | 176 | 38720 | 32.6 | 220 | 192 | 69120 | 59.2 | 360 | 1.8 |
| Siwat | 172 | 37840 | 36.7 | 220 | 174 | 68904 | 64.3 | 396 | 1.8 |
| Arnik | 2847 | 626340 | 37.1 | 220 | 2282 | 903672 | 64.9 | 396 | 1.7 |
| Sutthichai | 321 | 70620 | 37.1 | 220 | 2321 | 919116 | 64.9 | 396 | 1.7 |
| Watcharaporn | 2800 | 616000 | 67.4 | 220 | 2800 | 957600 | 111.6 | 342 | 1.7 |
| Pichaya | 12248 | 2694560 | 36.7 | 220 | 12248 | 3314520 | 59.3 | 271 | 1.6 |
| Santi | 576 | 126720 | 73.8 | 220 | 576 | 186624 | 118.8 | 324 | 1.6 |
| Puthipee | 4176 | 918720 | 73.4 | 220 | 3976 | 1431360 | 117.3 | 360 | 1.6 |
| Suwatchai | 178 | 39160 | 37.1 | 220 | 178 | 64080 | 59.2 | 360 | 1.6 |
| Warangkana | 11649 | 2562780 | 55.4 | 220 | 10909 | 3702052 | 86.3 | 339 | 1.6 |
| Chalanda | 9846 | 2166120 | 55.8 | 220 | 9106 | 3154608 | 86.3 | 346 | 1.5 |
| Thanapon | 2779 | 611380 | 73.8 | 220 | 1604 | 502568 | 113.3 | 313 | 1.5 |
| Guntachai | 585 | 128700 | 52.8 | 220 | 585 | 189540 | 80.6 | 324 | 1.5 |
| Anuwat | 912 | 200640 | 73.4 | 220 | 912 | 311904 | 111.6 | 342 | 1.5 |
| Supree | 8105 | 1783100 | 73.8 | 220 | 7365 | 2546676 | 112.2 | 346 | 1.5 |
| Chiipchanok | 164 | 36080 | 32.3 | 220 | 180 | 64800 | 49.1 | 360 | 1.5 |
| Sila | 256 | 56320 | 66.3 | 220 | 296 | 101232 | 98 | 342 | 1.5 |
| Thananut | 2691 | 592020 | 73.4 | 220 | 2691 | 871884 | 106 | 324 | 1.4 |
| Sumitra | 298 | 65560 | 7.5 | 220 | 298 | 96552 | 10.8 | 324 | 1.4 |
| Thanatchon | 1376 | 302720 | 37.4 | 220 | 1376 | 445824 | 53.5 | 324 | 1.4 |
| Sutthiphat | 980 | 215600 | 58.8 | 220 | 980 | 317520 | 83.8 | 324 | 1.4 |
| Maetawee | 552 | 121440 | 74.5 | 220 | 552 | 178848 | 106 | 324 | 1.4 |
| Techinee | 1324 | 291280 | 15 | 220 | 1324 | 426672 | 20.5 | 322 | 1.4 |
| Surayut | 700 | 154000 | 73.4 | 220 | 676 | 194688 | 96.1 | 288 | 1.3 |
