Internet Denial of Service Attack and Defense Mechanisms,9780131475731

Internet Denial of Service Attack and Defense Mechanisms

by ; ;
Edition: 1st
ISBN13: 9780131475731
ISBN10: 0131475738
Format: Paperback
Pub. Date: 2004-12-30
Publisher(s): Prentice Hall
List Price: $48.62

Rent Book

Select for Price
Add to Cart
There was a problem. Please try again later.

New Book

We're Sorry
Sold Out

Used Book

We're Sorry
Sold Out

eBook

We're Sorry
Not Available

Buy from our Marketplace starting at $0.59

How Marketplace Works:

  • This item is offered by an independent seller and not shipped from our warehouse
  • Item details like edition and cover design may differ from our description; see seller's comments before ordering.
  • Sellers much confirm and ship within two business days; otherwise, the order will be cancelled and refunded.
  • Marketplace purchases cannot be returned to eCampus.com. Contact the seller directly for inquiries; if no response within two days, contact customer service.
  • Additional shipping costs apply to Marketplace purchases. Review shipping costs at checkout.

Summary

The first straightforward account of DDoS - a serious issue that impacts revenue in the board room and production in the server room.

Author Biography

Sven Dietrich is a member of the technical staff at the CERT Coordination Center, part of the Software Engineering Institute at Carnegie Mellon University.

Table of Contents

Foreword xi
Acknowledgments xv
About the Authors xix
Introduction
1(10)
DoS and DDoS
2(3)
Why Should We Care?
5(1)
What Is This Book?
6(1)
Who Is This Book For?
7(1)
What Can This Book Help You Do?
8(1)
Outline of the Remaining Chapters
8(3)
Understanding Denial of Service
11(18)
The Ulterior Motive
13(1)
Meet the Attackers
14(1)
Behind the Scenes
15(5)
Recruiting and Controlling Attacking Machines
17(1)
Hiding
18(1)
Misusing Legitimate Services
19(1)
Distribution Effects
20(2)
DDoS: Hype or Reality?
22(5)
How Common Are DDoS Attacks?
22(2)
The Magnitude of DDoS Attacks
24(3)
How Vulnerable Are You to DDoS?
27(2)
History of DoS and DDoS
29(32)
Motivation
29(4)
Design Principles of the Internet
33(8)
Packet-Switched Networks
33(3)
Best-Effort Service Model and End-to-End Paradigm
36(3)
Internet Evolution
39(1)
Internet Management
40(1)
DoS and DDoS Evolution
41(20)
History of Network-Based Denial of Service
42(19)
How Attacks Are Waged
61(40)
Recruitment of the Agent Network
61(8)
Finding Vulnerable Machines
62(4)
Breaking into Vulnerable Machines
66(1)
Malware Propagation Methods
67(2)
Controlling the DDoS Agent Network
69(10)
Direct Commands
69(2)
Indirect Commands
71(2)
Malware Update
73(1)
Unwitting Agent Scenario
74(1)
Attack Phase
75(4)
Semantic Levels of DDoS Attacks
79(7)
Exploiting a Vulnerability
79(1)
Attacking a Protocol
80(3)
Attacking Middleware
83(1)
Attacking an Application
84(1)
Attacking a Resource
85(1)
Pure Flooding
86(1)
Attack Toolkits
86(6)
Some Popular DDoS Programs
87(2)
Blended Threat Toolkits
89(2)
Implications
91(1)
What Is IP Spoofing?
92(6)
Why Is IP Spoofing Defense Challenging?
96(1)
Why DDoS Attacks Use IP Spoofing
97(1)
Spoofing Is Irrelevant at 10,000+ Hosts
97(1)
DDoS Attack Trends
98(3)
An Overview of DDoS Defenses
101(52)
Why DDoS Is a Hard Problem
102(3)
DDoS Defense Challenges
105(3)
Technical Challenges
106(1)
Social Challenges
107(1)
Prevention versus Protection and Reaction
108(5)
Preventive Measures
109(3)
Reactive Measures
112(1)
DDoS Defense Goals
113(4)
DDoS Defense Locations
117(11)
Near the Target
117(3)
Near the Attacker
120(3)
In the Middle
123(3)
Multiple Deployment Locations
126(2)
Defense Approaches
128(25)
Protection
129(10)
Attack Detection
139(7)
Attack Response
146(7)
Detailed Defense Approaches
153(68)
Thinking about Defenses
153(3)
General Strategy for DDoS Defense
156(2)
Preparing to Handle a DDoS Attack
158(15)
Understanding Your Network
158(3)
Securing End Hosts on Your Network
161(5)
Fortifying Your Network
166(3)
Preparing to Respond to the Attack
169(4)
Handling an Ongoing DDoS Attack as a Target
173(5)
Handling an Ongoing DDoS Attack as a Source
178(3)
Agreements/Understandings with Your ISP
181(2)
Analyzing DDoS tools
183(38)
Historical DDoS Analyses
185(1)
Full Disclosure versus Nondisclosure
186(4)
How to Analyze Malware Artifacts
190(31)
Survey of Research Defense Approaches
221(20)
Pushback
222(1)
Traceback
223(2)
D-WARD
225(1)
NetBouncer
226(2)
Secure Overlay Services (SOS)
228(1)
Proof of Work
229(1)
DefCOM
230(1)
COSSACK
231(1)
Pi
232(1)
SIFF: An End-Host Capability Mechanism to Mitigate DDoS Flooding Attacks
233(1)
Hop-Count Filtering (HCF)
234(1)
Locality and Entropy Principles
235(1)
Locality
235(1)
Entropy
235(1)
An Empirical Analysis of Target-Resident DoS Filters
236(2)
Research Prognosis
238(3)
Slowing Innovation
238(1)
Several Promising Approaches
239(1)
Difficult Deployment Challenges
239(2)
Legal Issues
241(28)
Basics of the U.S. Legal System
241(3)
Laws That May Apply to DDoS Attacks
244(2)
Who Are the Victims of DDoS?
246(2)
How Often Is Legal Assistance Sought in DDoS Cases?
248(3)
Initiating Legal Proceedings as a Victim of DDoS
251(1)
Civil Proceedings
251(1)
Criminal Proceedings
252(1)
Evidence Collection and Incident Response Procedures
252(1)
Estimating Damages
253(4)
A Cost-Estimation Model
255(2)
Jurisdictional Issues
257(1)
Domestic Legal Issues
258(2)
International Legal Issues
260(3)
Self-Help Options
263(2)
A Few Words on Ethics
265(1)
Current Trends in International Cyber Law
266(3)
Conclusions
269(20)
Prognosis for DDoS
273(5)
Increase in Size
273(1)
Increase in Sophistication
273(1)
Increases in Semantic DDoS Attacks
274(1)
Infrastructure Attacks
274(1)
Degradation of Service
275(1)
Motivations for Attacks
276(1)
Overall Prognosis
277(1)
Social, Moral, and Legal Issues
278(1)
Resources for Learning More
279(7)
Web Sites
279(2)
Mailing lists
281(1)
Conferences and Workshops
282(2)
Magazines and Journals
284(2)
Conclusion
286(3)
Appendix A: Glossary
289(12)
Appendix B: Survey of Commercial Defense Approaches
301(22)
B.1 Mazu Enforcer by Mazu Networks
303(2)
B.2 Peakflow by Arbor Networks
305(4)
B.3 WS Series Appliances by Webscreen Technologies
309(2)
B.4 Captus IPS by Captus Networks
311(1)
B.5 MANAnet Shield by CS3
312(3)
B.6 Cisco Traffic Anomaly Detector XT and Cisco Guard XT
315(3)
B.7 Stealth Watch by Lancope
318(1)
B.8 Summary
318(5)
Appendix C: DDoS Data
323(12)
C.1 2004 CSI/FBI Computer Crime and Security Survey
324(1)
C.2 Inferring Internet Denial-of-Service Activity
325(4)
C.3 A Framework for Classifying Denial-of-Service Attacks
329(2)
C.4 Observations and Experiences Tracking Denial-of-Service Attacks across a Regional ISP
331(1)
C.5 Report on the DDoS Attack on the DNS Root Servers
332(2)
C.6 Conclusion
334(1)
References 335(16)
Index 351

Excerpts

It is Monday night and you are still in the office, when you suddenly become aware of the whirring of the disks and network lights blinking on the Web server. It seems like your company's Web site is quite well visited tonight, which is good because you are in e-business, selling products over the Internet, and more visits mean more earnings. You decide to check it out too, but the Web page will not load. Something is wrong. A few minutes later, network operations confirm your worst fears. Your company's Web site is under a denial-of-service attack. It is receiving so many requests for a Web page that it cannot serve them all--50 times your regular load. Just like you cannot access the Web site,none of your customers can.Your business has come to a halt. You all work hard through the night trying to devise filtering rules to weed out bogus Web page requests from the real ones. Unfortunately, the traffic you are receiving is very diverse and you cannot find a common feature that would make the attack packets stand out. You next try to identify the sources that send you a lot of traffic and blacklist them in your firewall. But there seem to be hundreds of thousands of them and they keep changing. You spend the next day bringing up backup servers and watching them overload as your earnings settle around zero. You contact the FBI and they explain that they are willing to help you, but it will take them a few days to get started. They also inform you that many perpetrators of denial-of-service attacks are never caught, since they do not leave enough traces behind them. All you are left with are questions: Why are you being attacked? Is it for competitive advantage? Is an ex-employee trying to get back at you? Is this a very upset customer? How long can your business be offline and remain viable? How did you get into this situation, and how will you get out of it? Or is this just a bug in your own Web applications, swamping your servers accidentally? This is a book aboutDenial-of-Service attacks,orDoSfor short. These attacks aim at crippling applications, servers, and whole networks, disrupting legitimate users' communication. They are performed intentionally, easy to perpetrate, and very, very hard to handle. The popular form of these attacks, Distributed Denial-of-Service (DDoS) attacks, employs dozens, hundreds, or even well over 100,000 compromised computers, to perform a coordinated and widely distributed attack. It is immensely hard to defend yourself against a coordinated action by so many machines. This book describes DoS and DDoS attacks and helps you understand this new threat. It also teaches you how to prepare for these attacks, preventing them when possible, dealing with them when they do occur, and learning how to live with them, how to quickly recover and how to take legal action against the attackers. 1.1 DoS and DDoS The goal of a DoS attack is to disrupt some legitimate activity, such as browsing Web pages, listening to an online radio, transferring money from your bank account, or even docking ships communicating with a naval port. Thisdenial-of-serviceeffect is achieved by sending messages to the target that interfere with its operation, and make it hang, crash, reboot, or do useless work. One way to interfere with a legitimate operation is to exploit a vulnerability present on the target machine or inside the target application. The attacker sends a few messages crafted in a specific manner that take advantage of the given vulnerability. Another way is to send a vast number of messages that consume some key resource at the target such as bandwidth, CPU time, memory, etc. The target application, machine, or network spends all of its critical resources on handling the attack traffic and cannot attend to its legitimate clients. Of course, to generate such a vast number of messages the attacker must control a very powerful machi

An electronic version of this book is available through VitalSource.

This book is viewable on PC, Mac, iPhone, iPad, iPod Touch, and most smartphones.

By purchasing, you will be able to view this book online, as well as download it, for the chosen number of days.

Digital License

You are licensing a digital product for a set duration. Durations are set forth in the product description, with "Lifetime" typically meaning five (5) years of online access and permanent download to a supported device. All licenses are non-transferable.

More details can be found here.

A downloadable version of this book is available through the eCampus Reader or compatible Adobe readers.

Applications are available on iOS, Android, PC, Mac, and Windows Mobile platforms.

Please view the compatibility matrix prior to purchase.