JIS Vol.7 No.4, July 2016
Blue Screen of Death Observed for Microsoft Windows Server 2012 R2 under DDoS Security Attack
Abstract: Microsoft server operating systems are considered to have in-built, host-based security features that should provide some protection against Distributed Denial of Service (DDoS) attacks. In this paper, we present results of experiments that were conducted to test the security capability of the latest server operating system from Microsoft Inc., namely Windows Server 2012 R2. The experiments were designed to evaluate its in-built security features in defending against a common DDoS attack, namely the TCP-SYN based DDoS attack. Surprisingly, the Windows Server 2012 R2 OS lacked sufficient host-based protection and was unable to defend against even medium-intensity TCP-SYN attack traffic of 3.1 Gbps magnitude. The server was found to crash within minutes after displaying a Blue Screen of Death (BSoD) under such security attacks.
Cite this paper: Sundar, K. and Kumar, S. (2016) Blue Screen of Death Observed for Microsoft Windows Server 2012 R2 under DDoS Security Attack. Journal of Information Security, 7, 225-231. doi: 10.4236/jis.2016.74018.