Defending against flooding-based distributed denial-of-service attacks: A tutorial

IEEE Communications Magazine

Volumn 40, Issue 10, 2002, Pages 42-51

  Chang, Rocky K C ^a  

^a HONG KONG POLYTECHNIC UNIVERSITY   (Hong Kong)

Author keywords

[No Author keywords available]

Indexed keywords

ALGORITHMS; COMPUTER SYSTEM FIREWALLS; INTERNET; NETWORK PROTOCOLS; PACKET NETWORKS; ROUTERS; SECURITY OF DATA; SERVERS;

FLOODING-BASED DISTRIBUTED DENIAL-OF-SERVICE ATTACK; ROUTE-BASED PACKET FILTERING;

TELECOMMUNICATION SERVICES;

EID: 0036804084     PISSN: 01636804     EISSN: None     Source Type: Journal    
DOI: 10.1109/MCOM.2002.1039856     Document Type: Article

References (15)

1. D. Moore, G. Voelker, and S. Savage, "Inferring Internet Denial-of-Service Activity," Proc. 10th USENIX Sec. Symp., 2001.
2. Comp. Emergency Response Team, "Results of the Distributed-Systems Intruder Tools Workshop," http://www.cert.org/reports/dsit_workshop-final.html, Nov. 1999.
3. D. Dittrich, "The DoS Project's 'Trinoo' Distributed Denial of Service Attack Tool," http://staff.washington.edu/dittrich/misc/trinoo.analysis, Oct. 1999.
4. S. Gibson, "Distributed Reflection Denial of Service: Description and Analysis of a Potent, Increasingly Prevalent, and Worrisome Internet Attack," http://grc.com/dos/drdos.htm, Feb. 2002.
5. Comp. Emergency Response Team Incident Note IN-2000-04, "Denial of Service Attacks Using Name-servers," http://www.cert.org/incident_notes/IN-2000-04.html, Apr. 2000.
6. V. Paxson, "An Analysis of Using Reflectors for Distributed Denial-of-Service Attacks," ACM Comp. Commun. Rev., vol. 31, no. 3, July 2001, pp. 38-47.
7. S. Gibson, "The Strange Tale of the Denial of Service Attacks Against GRC.COM," http://grc.com/dos/grcdos.htm, Mar. 2002.
8. A. Snoeren et al., "Hash-Based IP Traceback," Proc. ACM SIGCOMM, Aug. 2001, pp. 3-14.
9. S. Savage et al., "Practical Network Support for IP Traceback," Proc. ACM SIGCOMM, Aug. 2000, pp. 295-308.
10. P. Ferguson, and D. Senie, "Network Ingress Filtering: Defeating Denial of Service Attacks Which Employ IP Source Address Spoofing," RFC 2827, May 2000.
11. P. Porras and A. Valdes, "Live Traffic Analysis of TCP/IP Gateways," Proc. Net. and Distrib. Sys. Sec. Symp., Mar. 1998; http://www.sdl.sri.com/projects/emerald/live-traffic.html
12. K. Park and H. Lee, "On the Effectiveness of Route-Based Packet Filtering for Distributed DoS Attack Prevention in Power-Law Internets," Proc. ACM SIGCOMM, Aug. 2001, pp. 15-26.
13. K. K. Wan and R. Chang, "Engineering of a Global Defense Infrastructure for DDoS Attacks," Proc. IEEE Int'l. Conf. Net., Aug. 2002.
14. IETF's Intrusion Detection Exchange Format Working Group, http://www.ietf.org/html.charters/idwg-charter.html, Apr. 2002.
15. R. Crow and S. Schwartz, "Quickest Detection for Sequential Decentralized Decision Systems," IEEE Trans. Aerospace and Electronic Systems, vol. 32, no. 1, Jan. 1996, pp. 267-83.