
Testing of Network Using Sophos Firewall with Layer Three Switch Through DoS Attacks


Abstract
Network attacks on companies are very dangerous; because of these attacks, many companies
suffer the loss of secure data. The attacks cause real-time transaction problems, such as
financial problems and network delays. In this paper, we use different testing techniques to
test a network. These techniques use multiple types of tools and methods for generating
attacks; for this purpose, I create network scenarios to test the network. The practical part
of this paper analyzes the Sophos firewall, which plays a major role in this paper; all work is
done in a lab environment. The firewall used in this paper is Sophos. To test the network, we
generate DoS (Denial of Service) attacks on it, and finally we conclude how firewalls work to
secure the network from different attacks.
Keywords: Computer Network, Network delay, Sophos, DoS

I. Introduction
With new technology, many companies face many cyberattacks. As network security attacks
increase, this environment creates a higher probability of vulnerabilities in companies'
software and network domains. In recent years, many companies have suffered many losses in
network areas. Many openly available tools on the Internet create malicious activity on
networks. In our work, we address the DoS attack on a network; we arrange a lab-environment
network for a secure network solution. Much research work has used different firewalls and new
scenarios to address this problem, and many solutions are available to solve it [6], but our
work generates a best solution to network security issues. This solution is easy to implement
and cost-effective, and needs no complex configuration to obtain the best results. To provide a
secure network solution with better quality of service, I analyze the firewall solution.
There are many types of attacks, such as device delay, service delay, injection of faulty data,
etc. [1-3]. The DoS attack is one of the top-listed cyberattacks. The aim of a DoS attack is to
decrease the performance of a system and create delay between services. In a DoS attack, the
attackers act like legitimate users of the network and access network data such as emails,
access to the web server, etc. During this process, the attacker sends a flood of connection
requests to the server to create delays. Servers have a limited number of connections with
which to provide services. When the flood of connection requests reaches the server, the
server's performance decreases and no one can access it. Thus, legitimate users cannot use the
server's services [5].
In this paper, we use a penetration-testing technique to simulate DoS attacks and verify the
security of the network. I simulate scenarios using firewalls and provide a better solution for
securing the data. I assume the attacker is attacking from the Internet (outside the network).
I simulate how DoS attacks create issues for web services located in a test network.
The paper is organized as follows. Section 2 describes the related work. Different testing
techniques are described in Section 3. The methodology, an explanation of the practical work,
and the results are given in Section 4. The conclusions and details of future work are given in
Section 5.

II. Related Work


DoS Attack:-
Security in industrial networks has been investigated over many years. While these networks
generally face the same security issues related to services, a variety of mechanisms have been
proposed to manage the DoS attack. Many of them provide solutions to ensure confidentiality or
user authenticity [7] in the network. There are many denial-of-service attacks. Some may
consist of jamming the channel used for communication.
Firewall:-
A hardware device designed on the basis of IPS/IDS, providing port-based security over and
across the network. World-recognized firewalls include Cisco ASA, Juniper, FortiGate, etc.
Firewalls are used to block the SMURF attack (SMURF is based on high-level flooding of ICMP
packets). Many researchers have worked on different types of firewalls [8].
Much work related to DoS attacks and firewalls is reported in the research. Most researchers
use a firewall with a router. In our work, we use a layer three switch instead of a router,
because the firewall already provides routing.

III. TESTING TECHNIQUE


Network attack testing is a method that simulates an attack in order to analyze and test the
loopholes of a network. I use GNS3 to create a network for testing the attacks. The test can be
generated using hardware or software tools, depending on the condition of the network. The
main purpose of this method is to analyze the behavior of a network during an attack from
inside or outside the network. After testing the network, we can easily identify its loopholes
and flaws. I use a pen tester to test the network; the pen tester provides full information
about a system and indicates future vulnerabilities of the network. Penetration testing can be
done from inside or outside the network, depending on the scenario being created.

IV. Testing network on GNS3


In this section, we create a network in GNS3. All testing scenarios are created in GNS3. I
generate different types of DoS attacks on the network and check how the network system
controls the attack.
We use two different scenarios:
Scenario 1: A web server attack from the local area network
Web server, attacker
Scenario 2: A web server attack from the Internet. The web server is protected by the Sophos firewall
Web server, layer three switch, Sophos firewall, attacker

There are many types of DoS attacks, but in this paper we perform tests using TCP and UDP
floods. In a SYN flood attack, the attacker sends packets to the open port 80 on the targeted
server with the help of the LOIC tool. The server responds to the client request in order to
build the connection from client to server. The aim of a TCP flood attack is to decrease the
performance of the server. After a few seconds, clients cannot use the services. Normally, the
client sends a request to the server to build the connection, and the client and server
exchange request and response messages: the client sends a SYN message to the server, the
server sends a SYN-ACK to the client, and the client sends an ACK to confirm the connection
[5]. A UDP flood attack is a denial-of-service (DoS) attack; UDP is a connectionless computer
networking protocol. UDP sends ICMP messages for connection building. I use the LOIC tool to
generate the TCP and UDP floods. This tool is used for testing purposes. GNS3 is a graphical
network simulator; all required OSes and VMs are drawn in GNS3. All scenarios and tests are
run in GNS3 with physical devices.
I target the web server in my GNS3 network topology; the targeted web server address is
http://10.1.1.142, and it is located in my GNS3 network.
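
The handshake described above gives a defender a simple detection signal: handshakes that receive a SYN-ACK but never the final ACK. The following added example (not code from the paper) counts such half-open handshakes per source over constructed packet records; the client addresses, the record format and the threshold of 50 are assumptions made for illustration.

```python
from collections import defaultdict

# The lab web server from the text; everything else below is constructed.
SERVER = ("10.1.1.142", 80)

def build_sample():
    """Constructed records: (time_s, src_ip, src_port, dst_ip, dst_port, flags)."""
    pkts = [
        # Legitimate client completes SYN -> SYN-ACK -> ACK.
        (0.00, "10.1.1.20", 50000, *SERVER, "S"),
        (0.01, *SERVER, "10.1.1.20", 50000, "SA"),
        (0.02, "10.1.1.20", 50000, *SERVER, "A"),
    ]
    # Flooding client: 200 SYNs from distinct source ports, no final ACK.
    for i in range(200):
        t = 1.0 + i * 0.005
        pkts.append((t, "10.1.1.66", 40000 + i, *SERVER, "S"))
        pkts.append((t + 0.001, *SERVER, "10.1.1.66", 40000 + i, "SA"))
    return pkts

def half_open_by_source(packets, server=SERVER):
    """Count, per client IP, handshakes that never reached the final ACK."""
    state = {}  # (client_ip, client_port) -> "SYN" | "SYN-ACK" | "ESTABLISHED"
    for _, src, sport, dst, dport, flags in sorted(packets):
        if (dst, dport) == server:        # client -> server
            key = (src, sport)
            if flags == "S":
                state[key] = "SYN"
            elif flags == "A" and state.get(key) == "SYN-ACK":
                state[key] = "ESTABLISHED"
        elif (src, sport) == server:      # server -> client
            key = (dst, dport)
            if flags == "SA" and state.get(key) == "SYN":
                state[key] = "SYN-ACK"
    counts = defaultdict(int)
    for (ip, _port), st in state.items():
        if st != "ESTABLISHED":
            counts[ip] += 1
    return dict(counts)

def flag_syn_flooders(packets, threshold=50):
    """Client IPs with more half-open handshakes than the assumed threshold."""
    half_open = half_open_by_source(packets)
    return sorted(ip for ip, n in half_open.items() if n > threshold)

if __name__ == "__main__":
    sample = build_sample()
    print(half_open_by_source(sample))
    print(flag_syn_flooders(sample))
```

In a lab like the one described here, the records could be filled from a Wireshark capture on the link to the web server instead of the constructed list.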

1. Web server attack from the Local area network


For the first scenario, a web page is installed on the web server; for the web server I use IIS
(Internet Information Services) on Windows 7, and the LOIC tool is installed on the attacker
PC to generate attacks. The attacker PC is attached directly to the web server in the local
area network. To monitor the traffic I use Wireshark (Wireshark is an open-source packet
analyzer, used for troubleshooting, analysis, traffic monitoring, etc.). Wireshark is already
integrated with GNS3. I use nmap (Network Mapper) for port scanning; port 80 is open on the
web server. Port 80 is a TCP port. Here is the first network topology in my GNS3:

First, the attack is generated from a single PC. From this attack, we noticed that the page
loading time changed with a small delay. The TCP flood from a single PC generates a heavy
flood. Therefore, we increased the packet size, generating TCP packets on port 80. The results
from this test are shown in the figure.

It can be seen here that the traffic generated from four PCs to the web server has reached the
maximum packet size. As I increase the size of the TCP packets, the result is shown in the
graph: when I increase the packet size, the page takes a long time to load, and at times the
web server does not respond at all. The page loading delay increases and nothing loads on the
web page.
Next, we generate the UDP flood against the web server on port 80. UDP is a connectionless
protocol, so there is no need for the port to be open. Because it is connectionless, the
attacker does not need to respond to requests.
Finally, we conclude the result of the local area network attack: after the attack, the web
server responds slowly, and after some time it no longer provides its services; the delay of
the web server increases and nothing is served. With UDP, the attacker easily stops the
services of the server.

2. A web server attack from Internet Using Firewall and Layer Three switch
In this scenario, I introduce the Sophos firewall into my network and provide two solutions for
controlling the attack. In the first, the attacker launches the attack from the Internet; in
the other, a local area network client attacks the web server. I use the Sophos firewall for
both the local area network and the Internet. The network diagram is shown below.

Sophos firewall is an advanced firewall with many integrated functions, such as web
protection, server protection, spam protection, intrusion prevention, endpoint protection, etc.
To perform tests and analyze the difference between no firewall protection and Sophos
firewall protection, I again launch the TCP and UDP floods against the web server on port 80.
The results after the attack are shown in the figure.
After the attack, the web server runs very smoothly and does not show any delay in opening the
web page. The firewall blocks all traffic generated by the attacker. The firewall gives the
attacker access to the web server, but the TCP and UDP traffic is blocked. I launch the TCP
and UDP traffic one at a time to test the firewall. In the next step, I generate the attack
from the local network, where the user uses the Sophos firewall as a gateway. When the local
user accesses the web server and launches the attack, the Sophos firewall blocks the TCP and
UDP traffic.

V. CONCLUSIONS
After the attacks and scenarios, we find that local and Internet attacks create many problems.
After the lab testing, it is concluded that in the local area network we are safe when we use
the Sophos firewall as a gateway, and on the Internet side we are safe when we place the
firewall after the Internet connection. The Sophos firewall provides routing, so we use Sophos
with a layer three switch. Based on my results, I recommend that companies use Sophos and any
other firewall for protection, and monitor and check their networks on a regular basis.
In the future, we will perform this testing on other firewalls and provide better solutions for
controlling security attacks.

REFERENCES
[1] Security TechCenter. (2014, April 8). "Microsoft Security Bulletin MS 14-017
Critical". URL: https://technet.microsoft.com/enus/library/security/MS4-017?f=255&MSPPError=-2147217396
(retrieved 4 January, 2017)
[2] C. Anley, J. Heasman, F. Lindner, G. Richarte, "The Shellcoder's Handbook: Discovering and
Exploiting Security Holes", 2007, Wiley.
[3] T. Hayajneh, B.J. Mohd, A. Itradat, A.N. Quttoum, "Performance and Information Security
Evaluation with Firewalls," International Journal of Security and Its Applications, SERSC, Vol. 7,
No. 6, pp. 355-372, 2013. (DOI: 10.14257/ijsia.2013.7.6.36)
[4] S. Sridhar, "Denial of Service attacks and mitigation techniques: Real time implementation
with detailed analysis", 2011, SANS Institute.
[5] M. Khaled, Elleithy, "Denial of Service Attack Techniques: Analysis, Implementation and
Comparison," III SCI journal, vol 3, no 1, pp. 66-71.
[6] Sun-young Im, Seung-Hun Shin, Ki Yeol Ryu, "Performance Evaluation of Network Scanning
Tools with Operation of Firewall", 978-1-4673-9991-3/16/$31.00 ©2016 IEEE, pp 876881, 2016.
[7] Q. Monnet, L. Mokdad, and J. Ben-Othman, "Energy-balancing method to detect denial of
service attacks in wireless sensor networks," in Proceedings of the IEEE International
Conference on Communications, Sydney, NSW, Australia, 2014.
[8] A. Papagrigoriou, P. Petrakis, "A Firewall Module Resolving Rules Consistency", pp 47-50,
78–1–5386–1157–9/17/$31.00 2017 IEEE.
