Part 1
DoS and DDoS attacks have evolved over the years into targeted attacks involving extortion and other crimes. DoS and DDoS attacks are no longer simple botnets; they are sophisticated systems (Reiher & Mirkovic, 2004). The attacks have grown to super-sized volumes of more than 500Mbps of bandwidth. They have also become more flexible: recent attacks use scripts for traffic randomization, and others mimic Google bots to avoid stringent web filters. Reflection and amplification allow attackers to do more damage with few resources. Large corporations risk losing their assets to DoS and DDoS attacks. They can lose money, especially organizations that depend on web services, and they also suffer reputational damage and loss of customer confidence and interest. To mitigate DoS/DDoS risk, an organization can strengthen its IT and ISP backbone by training its staff to monitor normal network behavior and to handle attacks when they occur.
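As an added example (not part of the original essay), this sketch shows how a defender can flag clients that only claim to be Googlebot, using forward-confirmed reverse DNS over web server log lines. The hostname suffixes, the combined log format, and all sample addresses and names are assumptions constructed for illustration.

```python
import socket

# Assumption: reverse DNS names of genuine Google crawlers end in these suffixes.
GOOGLE_SUFFIXES = (".googlebot.com", ".google.com")

def system_ptr(ip):
    """Reverse lookup via the system resolver; None when there is no PTR."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(host):
    """Forward lookup via the system resolver; empty list on failure."""
    try:
        return socket.gethostbyname_ex(host)[2]
    except OSError:
        return []

def is_real_googlebot(ip, ptr=system_ptr, forward=system_forward):
    """PTR must be a Google name AND that name must resolve back to ip."""
    host = ptr(ip)
    if not host or not host.lower().rstrip(".").endswith(GOOGLE_SUFFIXES):
        return False
    # The PTR record is controlled by the address owner, so confirm it forward.
    return ip in forward(host)

def spoofed_googlebots(log_lines, ptr=system_ptr, forward=system_forward):
    """Return source IPs whose User-Agent says Googlebot but fail verification."""
    flagged = []
    for line in log_lines:
        ip = line.split(" ", 1)[0]
        # Assumption: combined log format, User-Agent is the last quoted field.
        user_agent = line.rsplit('"', 2)[-2] if line.count('"') >= 2 else ""
        if "googlebot" in user_agent.lower() and ip not in flagged:
            if not is_real_googlebot(ip, ptr, forward):
                flagged.append(ip)
    return flagged

# Constructed sample data (documentation-range IPs, not real traffic).
SAMPLE_PTR = {"192.0.2.10": "crawl-192-0-2-10.googlebot.com",
              "198.51.100.7": "host7.example.net",
              "203.0.113.5": "fake.googlebot.com"}
SAMPLE_A = {"crawl-192-0-2-10.googlebot.com": ["192.0.2.10"],
            "fake.googlebot.com": ["203.0.113.99"]}
UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
SAMPLE_LOG = [f'{ip} - - [01/Jan/2024:00:00:00 +0000] "GET / HTTP/1.1" 200 512 "-" "{UA}"'
              for ip in SAMPLE_PTR] + [
    '192.0.2.77 - - [01/Jan/2024:00:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "curl/8.0"']
```

Passing `SAMPLE_PTR.get` and a lookup over `SAMPLE_A` as the resolver arguments runs the check offline; with the defaults it queries the system resolver.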
Part 2
One of the most commonly used sniffer tools is Wireshark. The tool's primary use is network traffic analysis. Its strengths include a coloring scheme that distinguishes packets, the ability to trace a full stream for a particular protocol, and the option to specify private keys, which lets the user decrypt encrypted traffic on the fly. Its weaknesses include configurations that require switch access. Competing products include Kismet, Tcpdump, and Ettercap. Wireshark can be used in almost all networks and has no system requirements. Hackers and security personnel commonly use the tool for traffic analysis. Security personnel use it to diagnose network problems such as congestion, to filter network traffic, and to discover malware, vulnerabilities, and network misuse. Hackers use it to steal confidential information in transit.
Reference
Reiher, P., & Mirkovic, J. (2004). A Taxonomy of DDoS Attacks and DDoS Defense Mechanisms. Computer Communication Review, 34(2):39-53.