Using namespace std; The expansion of a steel bridge as it heated to a final Celsius temperature, Tf, from an initial temperature T0 , can be approximated using the following formula: Increase in length= a* L*(Tf-T0). Where a is the coefficient of expansion that is for steel is 11.7e-6, L is the length of bridge at temperature T0. Using this formula, write a C++ program that displays a table of expansion length for a steel bridge that’s 7365 meters long at 0 degrees Celsius, as the temperature increases to 40 degrees in 5 degree increments. Solution #include using namespace std; float Length(int Tf) { const float a = 11.7E-6; const float L = 7365; const float To=0; return a*L*(Tf-To); } int main(int argc, char const *argv[]) { cout<<\"Intitial Temperature\\tFinal Temperature\\tIncreased Length\ \"; for (int i=1;i<=8;i++) cout<<0<<\" degrees\\t\\t\"<.

1. Using the Web or another research tool, search for alternative means of defending against either
general DoS attacks or a particular type of DoS attack. This can be any defense other than the
ones already mentioned. Write one-page summary regarding the defense technique.
Solution
The most common DoS attacks target the
computer networks bandwidth or connectivity.
Bandwidth attacks flood the network with such a
high volume of traffic that all available network
resources are consumed and legitimate user requests
cannot get through, resulting in degraded
productivity. Connectivity attacks flood a computer
with such a high volume of connection requests,
that all available operating system
resources are consumed, and the computer can no
longer process legitimate user requests.
DoS attacks can be classified into five categories
based on the attacked protocol level, as illustrated
Douligeris, A. Mitrokotsa / Computer Networks 44 (2004) 643–666
DoS attacks in the Network Device Level include
attacks that might be caused either by taking
advantage of bugs or weaknesses in software, or
by trying to exhaust the hardware resources of
network devices. One example of a network device
exploit is the one that is caused by a buffer overrun
error in the password checking routine. Using
these exploits certain Cisco 7xx routers could be
crashed by connecting to the routers via telnet and
entering extremely long passwords.
In the OS level DoS attacks take advantage of
the ways operating systems implement protocols.
One example of this category of DoS attacks is the
Ping of Death attack . In this attack, ICMP

2. echo requests having total data sizes greater than
the maximum IP standard size are sent to the
targeted victim. This attack often has the effect of
crashing the victims machine.
Application-based attacks try to settle a machine
or a service out of order either by taking advantage
of specific bugs in network applications that
are running on the target host or by using such
applications to drain the resources of their victim.
It is also possible that the attacker may have found
points of high algorithmic complexity and exploits
them in order to consume all available resources
on a remote host. One example of an applicationbased
attack is the finger bomb . A malicious
user could cause the finger routine to be recursively
executed on the hostname, potentially
exhausting the resources of the host.
In data flooding attacks, an attacker attempts to
use the bandwidth available to a network, host or
device at its greatest extent, by sending massive
quantities of data and so causing it to process
extremely large amounts of data. An attacker
could attempt to use up the available bandwidth of
a network by simply bombarding the targeted
victim with normal, but meaningless packets with
spoofed source addresses. An example is flood
pinging. Simple flooding is commonly seen in the
form of DDoS attacks, which will be discussed
later.
DoS attacks based on protocol features take
advantage of certain standard protocol features.
For example several attacks exploit the fact that IP
source addresses can be spoofed. Several types of
DoS attacks have focused on DNS, and many of
these involve attacking DNS cache on name servers.
An attacker who owns a name server may

3. coerce a victim name server into caching false records
by querying the victim about the attackers
own site. A vulnerable victim name server would
then refer to the rogue server and cache the answer
Denial of Service (DoS) attacks have raised the importance of protecting availability as an
aspect of security
context, rather than (as previously) only addressing confidentiality and integrity. Attackers use
DoS in many
different ways, including extortion threats, obfuscation (to hide data exfiltration), hacktivism (to
draw attention
to a particular cause), and even friendly fire (when a promotion goes a little too well).
Now let’s look at the types of DoS attacks you may face – attackers have many arrows in their
quivers, and
use them all depending on their objectives and targets.
Flooding the Pipes
The first kind of Denial of Service attack is really a blunt
force object. It’s basically about trying to oversaturate the
bandwidth and computing resources of network (and
increasingly server) devices to impair resource availability.
These attacks aren’t very sophisticated, but as evidenced
by the ongoing popularity of volume-based attacks, they
are effective. The tactics have been in use since before
the Internet bubble, leveraging largely the same approach,
but they have gotten easier with bots to do the heavy
lifting. Of course this kind of blasting must be done
somewhat carefully to maintain the usefulness of the bot,
so bot masters have developed sophisticated approaches
to ensure their bots avoid ISPs penalty boxes. So we see
limited bursts of traffic from each bot and IP address
spoofing to make it harder to track down where the traffic
is coming from, but even short bursts from 100,000+ bots
can flood most pipes.
Quite a few specific techniques have been developed for volumetric attacks, but most look like
some kind of
flood. Floods target specific protocols (SYN, ICMP, UDP, etc.), and work by sending requests

4. to a target
using the chosen protocol, but not acknowledging the response. This quickly exhausts the ability
of these
devices to maintain state and causes the target to fail. Attackers need to stay ahead of Moore’s
Law,
because targets’ ability to handle floods has improved with their processing power. So network-
based
attacks may include encrypted traffic, forcing the target to devote additional computational
resources to
decrypting massive amounts of SSL traffic. Given the resource-intensive nature of encryption,
this type of
A volumetric attack is really
a blunt force object. It’s
basically about trying to
oversaturate the bandwidth
and computing resources of
network (and increasingly
server) devices to impair
resource availability.
Securosis — Defending Against Denial of Service Attacks 10
attack can melt firewalls, IPS, and WAF devices unless they are configured specifically for
large-scale SSL
termination (which they are typically not). We also see some malformed protocol attacks but
these aren’t as
effective nowadays because even unsophisticated network security perimeter devices drop bad
packets at
wire speed.
The attackers have compounded the severity of the attack using tactics like DNS amplification
and reflection.
In a reflection attack at the same time they target your site with a variety of floods, they are also
spoofing
your IP address and sending traffic to thousands of other sites. Those sites reply to your IP
address to
establish the session, and further increase the traffic hitting your site. Likewise, the attackers can
also send a
simple DNS request (using your spoofed IP address) to an open DNS resolver, which results in

5. upwards of
50:1 amplification of the traffic directed to you via the response. Again, these aren’t very
sophisticated
techniques, but can be very effective in magnifying the impact of the network-based attack.
These volume-based attacks are climbing the stack as well, targeting web servers by actually
completing
connection requests and then making simple GET requests and resetting the connection, over
and over
again, with approximately the same impact as a volumetric attack – overconsumption of
resources effectively
knocking down servers. These attacks may also include a large payload to further consume
bandwidth. The
now famous Low Orbit Ion Cannon (LOIC), a favorite tool of the hacktivist crowd, has
undertaken a similar
evolution, first targeting network resources and now proceeding to target web servers as well. It
gets even
better – these attacks can be magnified to increase their impact by simultaneously spoofing the
target’s IP
address and requesting sessions from thousands of other sites, which then bury the target in a
deluge of
misdirected replies, further consuming bandwidth and resources.
Fortunately defending against these network-based tactics isn’t overly complicated, as we will
discuss later
in this paper, but without a sufficiently large network device at the perimeter to block these
attacks or an
upstream service provider/traffic scrubber to dump offending traffic, devices tend to fall over in
short order.