McAfee SecurityCenter Evaluation under DDoS Attack Traffic
Sirisha Surisetty, Student Member, Sanjeev Kumar
DOI: 10.4236/jis.2011.23011

Abstract

During Distributed Denial of Service (DDoS) attacks, computers are made to attack other computers. Newer firewalls nowadays provide protection against such attack traffic. McAfee SecurityCenter Firewall is one of the most popular security software products, installed on millions of Internet-connected computers worldwide. McAfee claims that “if you have installed McAfee SecurityCenter with anti-virus and antispyware and Firewall then you always have the most current security to combat the ever-evolving threats on the Internet for the duration of the subscription”. In this paper, we present our findings regarding the effectiveness of McAfee SecurityCenter software against some of the popular Distributed Denial of Service (DDoS) attacks, namely ARP Flood, Ping Flood, ICMP Land, TCP-SYN Flood and UDP Flood attacks, on a computer that has McAfee SecurityCenter installed. The McAfee SecurityCenter software has a built-in firewall which can be activated to control and filter inbound and outbound traffic. It can also block ping requests in order to stop or subdue ping-based DDoS attacks. To test the McAfee SecurityCenter software, we created the corresponding attack traffic in a controlled lab environment. It was found that the McAfee Firewall software itself caused a Denial of Service (DoS) condition by completely exhausting the available memory resources of the host computer while operating to stop the external DDoS attacks.

Share and Cite:

S. Surisetty, S. Member and S. Kumar, "McAfee SecurityCenter Evaluation under DDoS Attack Traffic," Journal of Information Security, Vol. 2 No. 3, 2011, pp. 113-121. doi: 10.4236/jis.2011.23011.

Conflicts of Interest

The authors declare no conflicts of interest.

Copyright © 2024 by authors and Scientific Research Publishing Inc.

This work and the related PDF file are licensed under a Creative Commons Attribution 4.0 International License.