Internet Denial of Service: Attack and Defense Mechanisms (Radia Perlman Computer Networking and Security)
December 2004
Publisher:
  • Prentice Hall PTR
  • Upper Saddle River, NJ
  • United States
ISBN: 978-0-13-147573-1
Published: 01 December 2004
Abstract

Suddenly your Web server becomes unavailable. When you investigate, you realize that a flood of packets is surging into your network. You have just become one of the hundreds of thousands of victims of a denial-of-service attack, a pervasive and growing threat to the Internet. What do you do?

Internet Denial of Service sheds light on a complex and fascinating form of computer attack that impacts the confidentiality, integrity, and availability of millions of computers worldwide. It tells the network administrator, corporate CTO, incident responder, and student how DDoS attacks are prepared and executed, how to think about DDoS, and how to arrange computer and network defenses. It also provides a suite of actions that can be taken before, during, and after an attack.

Inside, you'll find comprehensive information on the following topics:

  • How denial-of-service attacks are waged
  • How to improve your network's resilience to denial-of-service attacks
  • What to do when you are involved in a denial-of-service attack
  • The laws that apply to these attacks and their implications
  • How often denial-of-service attacks occur, how strong they are, and the kinds of damage they can cause
  • Real examples of denial-of-service attacks as experienced by the attacker, victim, and unwitting accomplices

The authors' extensive experience in handling denial-of-service attacks and researching defense approaches is laid out clearly in practical, detailed terms.

Contributors
  • Information Sciences Institute
  • John Jay College of Criminal Justice
  • University of Washington
  • University of California, Los Angeles


        Reviews

        L. F. Pau

        This volume primarily addresses the framework for considering distributed denial of service attacks. After a first chapter highlighting the context and impact of denial of service attacks, a nontechnical chapter 2 explains the phenomenon, and illustrates the scope and seriousness of the problem. It touches on recruiting and controlling attacking machines, hiding, misusing legitimate services, and distribution effects. Chapter 3 is about the history of these attacks from Internet service operations, and the Internet design and management weaknesses that have been targeted. Chapter 4 provides a very elementary survey of how attacks are waged. The main mechanisms presented are: finding vulnerable machines, the use of worms, break-ins, propagation, and controlling distributed denial of service attack agents. Much less attention is given to attacks on a resource, flooding, denial of service attack toolkits, and Internet provider (IP) spoofing, which are very common. Chapter 5 is a nontechnical overview of denial of service attack defenses. The more technical elements of these defenses are described in chapter 6; this chapter is written as a process checklist of items to be considered, such as understanding your network, securing end hosts, tuning parameters, and handling attack traffic. Chapter 7 offers some research directions, many of which correspond to the US Defense Advanced Research Projects Agency (DARPA) supported academic research efforts. Chapter 8 summarizes mostly US laws that may apply to denial of service attacks, and some best practices about how to handle these via legal proceedings, including damage assessment. The conclusion, in chapter 9, is a forecast into the future of denial of service attack handling, listing a number of resources (competence centers, Web sites, mailing lists, conferences, and journals) in the area. 
Three appendices contain a glossary, a survey of commercial defense approaches, and some denial of service attack observation data. There are also extensive lists of references, and an index. This book may give systems administrators and chief information officers (CIOs) a feeling for the underlying principles, risks, and processes, but it does not contain information on essential router characteristics, network management, operating systems, or network protocols - all facets that need to be analyzed and utilized for denial of service attacks, and above all, for defense. The book does not precisely explain how search and configuration methods and tools, along with information compartmentalization and encryption, can help. With respect to damage assessment, only direct costs are identified; indirect losses and the investments needed for defense are not covered.

        Online Computing Reviews Service

        Ruay-Shiung Chang

        If you were to rush to a bank to complete a transaction that was just barely overdue, you could imagine the uneasiness you would feel if the bank was out of service. Similarly, when a service Web site is unavailable just when you need it badly, you feel very upset. In the Internet age, when everything has gone online, disrupted services resulting from being unable to access a Web site are beginning to matter a great deal. Denial of service (DoS) and distributed DoS (DDoS) have become the number one killer for Internet businesses. This book outlines all you need to know about DoS and DDoS. The narratives are nontechnical and easy to understand, even for a layman. After reading this book, you will have a firm knowledge of DoS and DDoS. There are nine chapters and three appendices in the book. It begins with an introduction, including the definition of, and the history of, DoS and DDoS. Attack and defense strategies are then explained in detail. Since we can never eliminate DoS and DDoS completely, an effective defense mechanism is very important; the authors use three chapters and one appendix to familiarize their readers with various defense approaches and details. Finally, a chapter on legal issues is included, to help readers understand how the law and the legal system can (and cannot) help them. Further resources are provided in the conclusion. Although the authors are correct in keeping the technical details out of this book, they cannot totally avoid Unix scripts and Internet jargon, which are scattered throughout the book. Perhaps an independent chapter or appendix about Unix and Internet protocol suites would be appropriate in a future edition. An overview of the big picture of Internet security problems would also help readers understand the depth of DoS and DDoS as they are related to other security threats.

        Online Computing Reviews Service
