COMPUTER SCIENCE PRACTICE
4COSC008C
Distributed Denial Of Service/Botnet Attacks
Mirai IoT Botnet Attack
Module Leader’s Name – Ms. Sulochana Rupasinghe
Name – Mathushaalini Udayakumar
Uow Number – w17148955
IIT Number – 2018121
Group Members
1. M. Jananie - w1714946
2. U. Mathushaalini - w17148955
3. D.S.K. Munasinghe - w1714909
4. S. Nithieskanna - w1714907
****CONTENTS****
Introduction
Literature review
Description about the attack
History
About Mirai IoT Botnet Attack
Methodology
Results and Discussions
Conclusion
References
INTRODUCTION
Mirai IoT Botnet is a self-propagating worm. It is malware that was activated to infect many IoT devices all over. It then grew massively, infecting many IoT devices such as security cameras, routers, and digital video and audio recorders. It has been launched against the infrastructure of some companies and famous websites. It is also one of the most massive attacks in history: one of the massive DDoS attacks, affecting many servers whose owners had left the default passwords set on their authorised components. This report briefly explains this issue.

LITERATURE REVIEW
According to Author, G., the Mirai IoT Botnet attack was a self-propagating worm; the infection started on August 1st and took a long time to reach its targets. The targets were vulnerable IoT devices which had single bulletproof hosting IP addresses and which were still using the default passwords. The most infected IoT devices were security cameras, routers, and digital video and audio recorders. On the first day only 65000 IoT devices, and by the end of the second day half of the internet of devices, were scanned; at the end of the attack session, which was the peak in November, 600000 IoT devices were infected. It is also considered a botnet because the infected devices are controlled through common commands by a centralized device, which had grabbed many systems to start the attack.

The Mirai attack had two main components in operation: the Replication module and the Attack module. The Replication module was responsible for growing the size of the botnet, and the Attack module was responsible for carrying out the DDoS attack. The attack brought in devices that were commonly using the default password, and the Attack module started tracing the IP addresses in order to start the DDoS attack on the targets.

Mirai IoT Botnet was established by a centralized attacker and was then released to the public through a hack forum, under the name “Anna-senpai”. It spread to most systems, which were also brought in to start the DDoS attack under the centralized system. Once it is launched, an army of infected computers starts the DDoS attack: the IoT devices that share the same default passwords are enlisted using their IP addresses, all at the same time, and the purpose is to interrupt normal use.

Mirai, one of the massive botnet attacks on IoT devices, took place over 164 devices. “Mirai botnet was responsible for a slew of GRE floods that were mitigated, using a hit-and-run tactic, the attack peaked at 280 Gbps and 130 Mbps, both indicating a very powerful botnet.” (Anon.)
Mirai was launched based on the C&C (command and control) method. Here the centralized system issues the commands and controls all the other bots, and targets the IoT devices. This serves mainly two purposes:
1. Locate and attack vulnerable IoT devices and further grow the botnet.
2. Start the DDoS attack, with the centralized device commanding all the bots through the C&C method.

Mirai IoT Botnet can launch HTTP floods and some other network attacks, and also “Mirai is capable of launching GRE IP and GRE ETH floods, as well as SYN and ACK floods, STOMP floods, DNS floods and UDP flood attacks.” (Anon.)
Mirai, the harmful program, temporarily launched its attacks on high-profile services such as OVH, Dyn and Krebs on Security.

The reasons determined for such attacks are financial reasons, political reasons, fun and some personal issues.

METHODOLOGY
“Understanding the Mirai Botnet” was the book I used as a method to collect data. This book is also included in the Proceedings of the 26th USENIX Security Symposium.

Author, G’s The Mirai Botnet Explained, How IoT Devices Almost Brought down the Internet.

Anon (2016). Breaking Down Mirai: An IoT DDoS Botnet Analysis.

Fruhlinger, J. (2018). The Mirai Botnet Explained: How IoT Devices Almost Brought down the Internet.

From all these works it was easy for me to collect information on how the attack was launched, how the attack was implemented, how this malicious program’s source code was released to join the army of the botnet, and the measures to prevent these types of attacks against vulnerable IoT devices.
RESULTS AND DISCUSSION
In this section we discuss the data on the botnet, the army involved in this hacking program; this included a massive network telescope to trace out the networks, large scanning operations, a DNS traffic holder, the C2 attack method, etc.

In the end, many IoT devices were affected by the attack, and many researchers found that this was an attack done by the Russians. It was believed that mostly web servers and other famous devices were being hacked, but this attack was carried out massively on gaming platforms.

Mirai brought a major focus on the technical and regulatory challenges of IoT devices. IoT devices are mostly heterogeneous in their operating systems, and sometimes the vendors hold the key to operations, so there is a need to add high security to our devices so that they cannot easily be trapped by outsiders such as hackers. There are many measures we can take to protect ourselves from threats like the massive Mirai IoT Botnet attack.

The various independent services that were affected by this were Krebs on Security (attack timeline), OVH, Deutsche Telekom, Dyn, Airbnb, Amazon, GitHub, HBO, Netflix, PayPal, Reddit and Twitter, through the disruption of the Dyn name-resolution service, etc.

Though the Mirai IoT Botnet attack had an army, it was first launched by a single person, and then the source code was released suddenly so all the copycat hackers. (Author, G. 2018).

The Mirai IoT attack performs wide-ranging scans of IP addresses so that it can easily launch the worm and locate IoT devices that use default passwords. Mirai uses the brute-force technique to get the passwords. It was finally found that the Mirai IoT network had traces of the Russian language, and that it was done by people of Russian origin belonging to a group of hackers (Anon, 2016).

The measures we could take against these types of DDoS attack are: default passwords must be hardened; defragmentation should be used so that we get security warnings and can reach a perfect solution; and if a system has been in use for a long time, END-OF-LIFE could be implemented so that there is no leaking of data.

Mirai also launches HTTP floods and network-level attacks. The Mirai hosting system also checks whether the targeted device already has malware and wipes it out, so that it can control the IoT device without interference from other malicious software.

The main ways this attack can be prevented by network servers using such IoT devices:

Use high-security setups:
For example, they should have firewalls.

Avoid default credentials:
This keeps devices off the credential lists that hackers compile to compromise devices for their attacks, such as the devices that were infected during the Mirai IoT Botnet attack.

Make auto-patching mandatory:
IoT devices are basically “set and forget”, so make auto-patching mandatory where reasonable so that your IoT device can be safe.

Implement rate limiting:
Implementing this can help counter the use of weak and default passwords.
Another method is to use CAPTCHA and proof of work.

Disable all remote (WAN) services to protect your IoT devices.

Keep security cameras under authority. (Author, G. 2017).
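
The two controls above that act directly on Mirai's default-password brute forcing, rejecting default credentials and rate limiting logins, can be sketched as follows. This is an added example, not code from this report or its sources; the function and class names, the credential sample and the login events are all constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample of factory-default pairs; a real device would ship its vendor's own list.
DEFAULT_CREDENTIALS = {("admin", "admin"), ("root", "root"), ("admin", "1234"), ("user", "user")}

def credential_allowed(username, password):
    """Provisioning check: refuse factory defaults, username-as-password and short passwords."""
    return (username, password) not in DEFAULT_CREDENTIALS and password != username and len(password) >= 10

class LoginRateLimiter:
    """Sliding window: block a source after max_failures failed logins within `window` seconds."""
    def __init__(self, max_failures=3, window=60.0):
        self.max_failures = max_failures
        self.window = window
        self._failures = defaultdict(deque)  # source IP -> timestamps of recent failures

    def is_blocked(self, source_ip, now):
        q = self._failures[source_ip]
        while q and now - q[0] > self.window:  # forget failures older than the window
            q.popleft()
        return len(q) >= self.max_failures

    def record_failure(self, source_ip, now):
        self._failures[source_ip].append(now)

def replay(events, limiter, accounts):
    """Replay (time, ip, user, password) login attempts and return the outcome of each."""
    outcomes = []
    for ts, ip, user, pw in events:
        if limiter.is_blocked(ip, ts):
            outcomes.append("blocked")
        elif accounts.get(user) == pw:  # plaintext compare for brevity; store hashes in practice
            outcomes.append("ok")
        else:
            limiter.record_failure(ip, ts)
            outcomes.append("failed")
    return outcomes

# Constructed sample: one source walks a default-password list, another is the device owner.
ACCOUNTS = {"admin": "correct-horse-battery"}
EVENTS = [
    (0.0, "203.0.113.7", "root", "root"),
    (1.0, "203.0.113.7", "admin", "admin"),
    (2.0, "203.0.113.7", "admin", "1234"),
    (3.0, "203.0.113.7", "user", "user"),       # fourth guess inside the window: blocked
    (4.0, "198.51.100.4", "admin", "correct-horse-battery"),
    (70.0, "203.0.113.7", "admin", "password"),  # window expired, guess is counted again
]
```

Because the owner's password is not on the default list, every guess from the scanning source fails, and the limiter cuts that source off after three failures while the owner's login from another address is unaffected.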
CONCLUSION
In this work I have discussed one of the most massive DDoS attacks in our world history, which took place in late 2016: the Mirai IoT Botnet attack. This was a foundation for one of the best hacks in the world to track the IoT devices which had an issue in their security, for example they did have a unique password for their system and some issue in their domain. So there was an easy platform for the hackers to get rid of these devices. Now that we have thoroughly gone through the crisis and the consequences, hereafter we should be vigilant with all our data sources, with high security as discussed above in the prevention measures. I hope this will be a good source of information for gaining a brief knowledge of a massive DDoS attack against vulnerable IoT devices.

REFERENCES
Author, G. (2017). Inside the Infamous Mirai IoT Botnet: A Retrospective Analysis. Online. Available at: https://blog.cloudflare.com/inside-mirai-the-infamous-iot-botnet-a-retrospective-analysis/ Accessed: 11 November 2018.

Anon (2016). Breaking Down Mirai: An IoT DDoS Botnet Analysis. Online. Available at: https://www.incapsula.com/blog/malware-analysis-mirai-ddos-botnet.html Accessed: November 2018.

Fruhlinger, J. (2018). The Mirai Botnet Explained: How IoT Devices Almost Brought down the Internet. Online. Available at: https://www.csoonline.com/article/3258748/security/the-mirai-botnet-explained-how-teen-scammers-and-cctv-cameras-almost-brought-down-the-internet.html Accessed: November 2018.

Antonakakis, M., April, T., Bailey, M., Bernhard, M., Cochran, J., Durumeric, Z., Halderman, J. A., Invernizzi, L., Kallitsis, M., Kumar, D., Lever, C., Ma, Z., Mason, J., Menscher, D., Seaman, C., Sullivan, N., Thomas, K., Zhou, Y. (August 16–18, 2017). Understanding the Mirai Botnet. USENIX. Online. Available at: https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-antonakakis.pdf (Accessed: )