Implementation of DoS and DDoS Attacks on Cloud Servers

Cloud environments face many of the same threats as traditional corporate networks, but due to the vast amount of data stored on cloud servers, providers become an attractive target. Thus, the security of data on cloud servers is always a key issue in preventing potential attacks. This paper intends to show a relatively easy way to implement a Denial of Service (DoS) attack and/or a Distributed Denial of Service (DDoS) attack. The Python scripts used, such as HULK or XML-RPC, are able to make several hundred requests to the server in a short period of time. HULK is better suited to a DoS attack, while XML-RPC is for a pure DDoS attack. It is concluded that, with proper tools and applications, access to the VM and a DDoS attack can be implemented relatively easily.


Introduction
Cloud computing is a revolutionary concept that offers a new way to access personal data and applications, which are no longer located on the computer but in the cloud, which means that program records and documentation can be accessed from multiple devices, at any time and from different locations. As a result, user services in the cloud can be better, faster and easier to use and modify. Unfortunately, cloud environments nowadays face many of the same threats as traditional corporate networks. Moreover, due to the vast amount of data stored on cloud servers, the providers become an attractive target. The severity of potential damage tends to depend on the sensitivity of the data exposed.

Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks are well known. A DoS attack typically uses one computer and one internet connection to flood a targeted system or resource. A DDoS attack uses multiple computers and internet connections to flood the targeted resource. DDoS attacks in cloud computing are also termed Economic Denial of Sustainability (EDoS) attacks, due to the substantial economic losses from both resource usage and business disruption. These losses are directly proportional to the downtime incurred by the attack.

In recent times, cloud computing has been adopted across the globe to support the major information technology requirements of organizations from all industry sectors. As highlighted in, the majority of organizations (> 87%) across the globe are using cloud infrastructure to run their mission-critical applications. This adoption trend is due to the profound resources and availability of on-demand resources in the cloud. However, the emergence of cloud computing has also led DDoS attackers to shift towards cloud-driven services. More than 33% of the overall reported attacks in 2015 were targeted at cloud services [1]. In addition, cloud features are becoming attractive to attackers. Most reported DDoS attacks last between a few minutes and a few hours, and some major attacks may last a few days or even weeks. A recent report on global DDoS attacks reveals that close to a quarter of current DDoS attacks target the application layer, and one-fifth of the HTTP DDoS attacks are HTTP GET floods [2]. There have been many recent DDoS attacks on cloud services, among which the attacks on Amazon EC2 services, RackSpace and Linode are major incidents that resulted in considerable service outages [3].

DOI: 10.21533/pen.v6i2.170 PEN Vol. 6, No. 2, December 2018, pp. 148-158

There are numerous interesting surveys as well as research papers (e.g., [2,) available which include works related to DDoS attacks in various networks, both from the perspective of attacks and of solutions. The major motivations behind DDoS attacks include business rivalry, political ideology, and cyber war among countries. The most common outcome of DDoS attacks is unavailability of the target service. The unavailability causes many short-term and long-term business and reputation losses, which are actually a set of consequences of the service downtime [39]. There are various ways of implementing DoS and DDoS attacks. There are also various ways of protecting servers from DoS and DDoS attacks. For example, Lonea et al. [40] suggested a model to detect and analyze DDoS attacks in cloud computing environments using Dempster-Shafer Theory (DST) [41]. However, the computational complexity [42] of DST increases exponentially with the number of elements in the frame of discernment (e.g., a mass function goes $2^n - 1$ for $n$ elements in the state). Hiziroglu et al. [43] proposed a conceptual model of a cloud-based customer analytics tool for retail small and medium enterprises. Sabanovic et al. [44] presented a comparative analysis of data formatting technology in AMF, JSON and XML during data transfer between client and server. Sharif et al. [45] implemented an exemplary parallelization of artificial neural network training by dint of Java and its native socket libraries. Simpson et al. [46] proposed a solution to DDoS attacks in computer networks based on an inter-domain collaboration scheme. Kolandaisamy et al. [47] suggested a multivariant stream analysis approach to detect and mitigate DDoS attacks in vehicular ad hoc networks. Chadd [48] described the kinds of DDoS attacks of the past, present, and future. Bhardwaj et al. [49] compared single-tier and three-tier infrastructure designs against DDoS attacks. Swain et al. [50] presented an approach to discriminate the attack level of DDoS attacks and provided security for DDoS nodes in MANET.

This paper addresses an easy implementation of a DoS attack on servers and shows that cloud servers have some protection against basic attacks. When it comes to larger DDoS attacks, the virtual machine (VM) on those clouds can misbehave and fail. A VM is based on computer architecture and provides the functionality (e.g., [51]) of a physical computer. The protection of a VM on the cloud can be provided by some software or by simple blocking of certain server connections. Blocking those servers is very dangerous, since the block can affect some of the users trying to fetch their data or trying to get a response from the service without any intention of a DoS attack. It is worth mentioning that implementations of both DoS and DDoS attacks are not so difficult, but due to lack of approval from the appropriate authorities, we could not implement the XML-RPC script wholly on any clouds and their VMs. Thus this paper is limited to the implementation of a DoS attack on servers using the HTTP Unbearable Load King (HULK) script.

Durakovic [52] explored historical aspects of Design of Experiments (DOE) and provided the state of the art of DOE's applications, guiding researchers on how to conceptualize, plan and conduct experiments, and analyze and interpret data. It is said that DOE was the most popular tool in the scientific areas of medicine, engineering, biochemistry, physics and computer science, which account for about 50% of its applications compared to all other scientific areas [52]. Although the DOE mathematical methodology has recently been used for planning and conducting experiments as well as for analyzing and interpreting the data obtained from them, DOE has not been considered in this paper because of the lack of huge experimental data and of proper experimental permission from the appropriate authorities. Consequently, the consideration of DOE has been left for future study.

The rest of this paper is organized as follows: Section 2 delineates the implementation of DoS and DDoS attacks; Section 3 reports the empirical results and our observations; and Section 4 concludes the work with a few clues for further investigation.

Implementation
This section briefly explains the architecture of DDoS attacks and the security measures against them. As part of this paper, an experiment briefly shows how a DDoS attack is performed, in order to fully understand what kind of process it is. Once DDoS is understood, conclusions and a logical solution to the problem and potential breakout will potentially arise.

DoS attack using HULK script
To implement a DDoS attack from one machine, a script can be written in various programming languages. This experiment uses Python as the language, in which the script calls a request-response service multiple times in a certain amount of time. The HULK script was originally developed as a proof of concept to illustrate how easy it is to take down a web server. The HULK script works by opening a flood of HTTP GET requests to overwhelm its target. The HULK script is unique in that every request has a random header and URL parameter value to bypass a server's caching engine. Listing 1 shows a part of the HULK script which calls the other methods. It executes the final attack on the servers and keeps making request-response calls until the master machine stops it.

Sefat Mahjabin, PEN Vol. 6, No. 2, December 2018, pp. 148-158
Listing 1. Execution process of HULK script in Python (hulk.py).
    # execute
    if len(sys.argv) < 2:

The targeted site was first checked to see whether it was responsive and worked without any DoS attacks. The site was available for several servers. Consequently, it was ready for testing. Figure 1 represents the response from the target website to host servers. All sensitive links in the images are blocked out in red for security reasons.

After finishing the checkup, the target was attacked with the HULK script. The HULK script makes its requests in a while loop, which means it attacks all the time. Figure 2 shows the HULK script running in the command prompt. After the attack, it is notable that the website is not responding. This indicates that the HULK script made our target server go down. To make sure that nobody could access the server, the check was made once more from the host server list. The conclusion is that nobody can access the site anymore. Figure 3 depicts the host server list after the DoS attack.

Cloud servers with DoS attack
A cloud server is a logical (rather than a physical) server that is built, hosted, and delivered through a cloud computing platform over the internet. Billions of Internet of Things (IoT) devices are connected via the internet. The IoT cloud service creates excessive communication between inexpensive sensors (e.g., [53]) in the IoT. Cloud servers possess and exhibit capabilities and functionality similar to those of a typical server, but they are accessed remotely from a cloud service provider. Cloud server hosting services are provided by multiple connected servers that comprise a cloud. The advantages of a cloud server include: (i) onsite hardware and capital expenses are not needed; (ii) it is the best fit for smaller companies which would outgrow storage too quickly; (iii) the costs of data recovery would outweigh the benefits for companies which are not as dependent on uptime and instant recovery.

It is interesting to know what happens to cloud servers under DoS attacks. The HULK script attack will be applied to several cloud servers. To understand how the script attacks, an example is given here. The targeted site was attacked from the master PC and then from a remote server; it had to go down, as requests from larger servers were trying multiple times to access a relatively small server. Similarly, to attack the cloud servers, we would need a larger number of machines performing the attack on the cloud for them to go down.

Figure 4 shows how this script is unable to do any damage to cloud servers in general. It is clear that the script was not able to do anything to the clouds themselves, as google.bd, google.com, facebook.com and amazon.com did not reply to the attack. This protection is actually not real protection, as the server is simply prepared for this amount of requests. As the data clouds receive hundreds of requests each second, this little peak does nothing to the cloud server. Nevertheless, this would not be the case if we had access to a certain VM and penetrated directly into it. The VM has limitations and a maximum workflow. Consequently, it would not withstand DoS attacks. The HULK script was not applied to any cloud VM, as there was no direct access to a cloud VM.

XML-RPC DDoS attack
Unlike the XML-RPC DDoS attack, the HULK script does not use multiple servers (a server list) as a zombie army for the attack. HULK is rather an attack from a few or a few dozen machines. The XML-RPC DDoS attack is more complicated and more dangerous for web servers and clouds. Most people are unfamiliar with the concept of the XML-RPC DDoS attack. What is mainly misunderstood is that the holder of the script that attacks servers is one of the most famous website makers, contrary to the opinion of some people that the scripts are held by some list of pirated servers. Namely, WordPress websites hold the XML-RPC script, which can be part of a larger DDoS attack network.

XML-RPC is a simple, portable way to make remote procedure calls over HTTP. It can be used with Perl, Java, Python, C, C++, PHP, and many other programming languages. WordPress, Drupal and most content management systems support XML-RPC. This HTTP call can be repeated multiple times, thus making a DDoS attack. Considering that there are dozens of millions of WordPress websites, the impact of an attack from so many machines cannot be fully understood.

As a security measure, there is a way to prevent this misuse. First, awareness can be raised among WordPress users that their services can be misused. This will just prevent other machines from misusing that server/website for further DDoS attacks, as some of the users may choose another platform for their website. Secondly, WordPress (WP) sites using XML-RPC should manually prevent the misuse. The simple script provided in Figure 5 will prevent misuse of the XML-RPC API.

Empirical Results and Observations
In this section, the experimental results along with our observations from this study are presented. Cloud environments always face an unlimited number of threats. But due to the vast amount of data stored on cloud servers, the providers become an attractive target. The main reasons behind DDoS attacks include business rivalry, political ideology, and cyber war among countries. The most common outcome of DDoS attacks is unavailability of the target service. The unavailability causes many short-term and long-term business and reputation losses. DDoS attacks often cause a data breach. Thus companies may incur fines, or they may face lawsuits or criminal charges. Breach investigations and customer notifications can rack up significant costs. Indirect effects, such as brand damage and loss of business, can impact organizations for years. Thus the security level of the data on cloud servers will always be the cardinal concern.
Our study intended to show the security level of cloud servers. The experiments in our study show that it is relatively easy to implement a DoS or DDoS attack. Python scripts like HULK or XML-RPC are able to make several hundred requests to the server in a short period of time. The HULK script made HTTP requests to the server, which was immediately unresponsive to all other requests. The number of requests made the server block and hold all incoming requests, as it was unable to respond due to the request flood. This resulted in failure of the domain that was tested, and the server was down. The tested domain was located on a private server with little or no protection. The machine that was holding this web page can be seen as a VM on the cloud, if there is access to a VM in the cloud. It would be relatively easy to apply the script to it, and the same outcome could be expected.

Unlike the HULK script, XML-RPC uses a server list of available machines that make multiple requests to the server. HULK is a DoS rather than a DDoS attack, while XML-RPC is a pure DDoS attack, as it sends requests for its hosts to attack a certain domain. This is the main difference between HULK and XML-RPC. XML-RPC can be much more efficient when it comes to flooding, making the server unavailable and breaking the server down. Figure 6 depicts the IP addresses and web pages that host the XML-RPC API and behave as zombies in DDoS attacks. As those lists are available on the internet, the easiest protection of a VM could be limitation of those servers and IP addresses. Restricting those servers could easily block penetration to the VM and hence block the DDoS attacks.

Based on our observations, accessing a VM on the cloud can be as easy as the first experiment in this study, attacking the standalone server with the HULK script. Thus it can be concluded that, with proper tools and applications, access to the VM and a DDoS attack can be implemented relatively easily. As there are records of those attacks, it can be seen that the XML-RPC script is doing its job very effectively. The target VM goes down just like the standalone server. Consequently, the protection of the VMs of the clouds can be improved. The target VM cannot protect itself from the pingback attack of the XML-RPC APIs. This should be done by the cloud, which should regulate the high slope of the unexpected requests.
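The two traffic shapes contrasted above (one source sending cache-bypassing GET requests, and many WordPress hosts sending pingback checks at once) can be told apart in a web server's access log. The following is an added example, not code from the paper: the log lines are constructed, the window size and thresholds are assumed values, and the pingback pattern relies on the User-Agent string WordPress sends when verifying a pingback.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache/nginx "combined" access-log format.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<url>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"')
# User-Agent that WordPress sends when it verifies a pingback target.
PINGBACK_UA = re.compile(r"^WordPress/\S+; \S+; verifying pingback from ")

def classify(lines, window=10, flood_min=50, reflector_min=20):
    """Return alerts per fixed time window (thresholds are assumed values)."""
    per_ip = defaultdict(list)     # (window, ip) -> [(url, user-agent), ...]
    reflectors = defaultdict(set)  # window -> source IPs sending pingback checks
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        bucket = int(ts.timestamp()) // window
        per_ip[(bucket, m["ip"])].append((m["url"], m["ua"]))
        if PINGBACK_UA.match(m["ua"]):
            reflectors[bucket].add(m["ip"])
    alerts = []
    for (bucket, ip), reqs in sorted(per_ip.items()):
        urls = {u for u, _ in reqs}
        agents = {a for _, a in reqs}
        # One source, many requests, nearly every URL unique and the
        # User-Agent changing: the cache-bypassing pattern described for HULK.
        if (len(reqs) >= flood_min and len(urls) >= 0.9 * len(reqs)
                and len(agents) > 1):
            alerts.append(("single-source-flood", ip, len(reqs)))
    for bucket, ips in sorted(reflectors.items()):
        # Many different WordPress hosts verifying pingbacks in one window:
        # the reflected XML-RPC pattern, which a per-IP limit alone misses.
        if len(ips) >= reflector_min:
            alerts.append(("xmlrpc-pingback-flood", "many", len(ips)))
    return alerts

def sample_log():
    """Constructed log lines (documentation IP ranges), not captured traffic."""
    fmt = ('{ip} - - [10/Dec/2018:12:00:0{s} +0000] '
           '"GET {url} HTTP/1.1" 200 512 "-" "{ua}"')
    lines = [fmt.format(ip="203.0.113.7", s=i % 10, url=f"/?p{i}=v{i}",
                        ua=f"Browser-{i % 5}/1.0") for i in range(60)]
    lines += [fmt.format(ip=f"198.51.100.{i}", s=i % 10, url="/post-1/",
                         ua=f"WordPress/4.9.8; http://blog{i}.example; "
                            "verifying pingback from 192.0.2.1")
              for i in range(1, 26)]
    lines += [fmt.format(ip="192.0.2.50", s=i, url="/index.html",
                         ua="Browser-0/1.0") for i in range(5)]
    return lines
```

Calling `classify(sample_log())` reports one alert of each kind; the five ordinary requests from 192.0.2.50 raise none.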
It is noteworthy that we did not implement the XML-RPC script on any clouds and their VMs, since we had no approval to run the experiment on any cloud or VM. It is an excellent idea to take into account the DOE mathematical methodology. Nowadays, DOE is used for planning and conducting experiments and for analyzing and interpreting data. But due to the lack of huge experimental data and of proper experimental permission from the appropriate authorities, the consideration of DOE has been left for future investigation.

Conclusion
An easy implementation of a DoS attack was performed using the HULK script in Python. The script used is able to make several hundred requests to the server in a short period of time. The HULK script is good for a DoS attack, while XML-RPC is for a pure DDoS attack. With proper tools and applications, access to the VM and a DDoS attack can be implemented in a relatively easy way. The implementation of the XML-RPC script was not performed entirely due to lack of permission, and hence future work would implement the XML-RPC script on any clouds and corresponding VMs.

    print("-- HULK Attack Started --")
    if len(sys.argv) == 3:
        if sys.argv[2] == "safe":
            setsafe()
    url = sys.argv[1]
    if url.count("/") == 2:
        url = url + "/"
    m = re.search("http\://([^/]*)/?.*", url)
    host = m.group(1)
    for i in range(5

Figure 4. Testing cloud servers with DoS attack.