Mitigating denial of service attacks: A tutorial

Journal of Computer Security

Volumn 13, Issue 6, 2005, Pages 807-837

  Mölsä, Jarmo ^a,b  

^a NATIONAL DEFENCE UNIVERSITY   (Finland)

^b AALTO UNIVERSITY   (Finland)

Author keywords

Attack mechanisms; Defense mechanisms; Denial of service; Network security

Indexed keywords

COMPUTER SYSTEMS; MECHANISMS; OPTIMIZATION; RISK MANAGEMENT; RISKS; SECURITY OF DATA;

ATTACK MECHANISMS; DEFENSE MECHANISMS; DENIAL OF SERVICE; NETWORK SECURITY;

COMPUTER NETWORKS;

EID: 29244465140     PISSN: 0926227X     EISSN: None     Source Type: Journal    
DOI: 10.3233/JCS-2005-13601     Document Type: Article

References (65)

1. D. Adkins, K. Lakshminarayanan, A. Perrig and I. Stoica, Towards a more functional and secure network infrastructure, University of California, Berkeley, Tech. Rep. UCB/CSD-03-1242, 2003.
2. J. Allen, A. Christie, W. Fithen, J. McHugh, J. Pickel and E. Stoner, State of the practice of intrusion detection technologies, Carnegie Mellon University, Software Engineering Institute, Tech. Rep. CMU/SEI-99-TR-028, Jan. 2000. [Online] Available: http://www.cert.org/archive/pdf/99tr028.pdf.
3. I. Arce and E. Levy, An analysis of the Slapper worm, IEEE Security & Privacy 1(1) (2003), 82-87.
4. S.M. Bellovin, The state of software security, Nov. 2002. [Online] Available: http://www.research.att.com/smb/talks/vuln-legal.ps.
5. P. Bouchareine, Format string vulnerability, Hacker Emergency Response Team, Tech. Rep., July 2000.
6. K.A. Bradley, S. Cheung, N. Puketza, B. Mukherjee and R.A. Olsson, Detecting disruptive routers: A distributed network monitoring approach, IEEE Network 12(5) (1998), 50-60.
7. R. Bush, D. Karrenberg, M. Kosters and R. Plzak, Root name server operational requirements, Internet Engineering Task Force, Request for Comments RFC 2870, June 2000.
8. CERT Coordination Center, Denial of service attacks, Oct. 1997. [Online] Available: http://www.cert.org/tech_tips/denial_of_service.html.
9. CERT Coordination Center, Overview of attack trends, Feb. 2002. [Online] Available: http://www.cert.org/archive/pdf/attack_trends.pdf.
10. A. Chakrabarti and G. Manimaran, Internet infrastructure security: A taxonomy, IEEE Network 16(6) (2002), 13-21.
11. R.K. Chang, Defending against flooding-based distributed denial-of-service attacks: A tutorial, IEEE Commun. Mag. 40(10) (2002), 42-51.
12. Cisco Systems, Inc., Characterizing and tracing packet floods using cisco routers, Feb. 2003.
13. C. Cowan, Software security for open-source systems, IEEE Security & Privacy 1(1) (2003), 38-45.
14. C. Cowan, S. Beattie, R.F. Day, C. Pu, P. Wagle and E. Walthinsen, Protecting systems from stack smashing attacks with StackGuard, in: Proceedings of the LinuxExpo, Raleigh, NC, USA, 1999.
15. C. Cowan, C. Pu, D. Maier, J. Walpole, P. Bakke, S. Beattie, A. Grier, P. Wagle, Q. Zhang and H. Hinton, StackGuard: Automatic adaptive detection and prevention of buffer-overflow attacks, in: Proceedings of the 7th USENIX Security Conference, San Antonio, TX, 1998, pp. 63-78.
16. S.A. Crosby and D.S. Wallach, Denial of Service via algorithmic complexity attacks, in: Proceedings of the 12th USENIX Security Symposium, Washington, DC, USA, 2003.
17. R. Durst, T. Champion, B. Wirten, E. Miller and L. Spagnuolo, Testing and evaluating computer intrusion detection systems, Communications of the ACM 42(7) (1999), 53-61.
18. P. Ferguson and D. Senie, Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing, RFC 2827, May 2000.
19. S. Floyd, S. Bellovin, J. Ioannidis, K. Kompella, R. Mahajan and V. Paxson, Pushback messages for controlling aggregates in the network, July 2001, Internet draft draft-floyd-pushback-messages-00.txt, work in progress.
20. S. Forrest, S.A. Hofmeyr, A. Somayaji and T.A. Longstaff, A sense of self for Unix processes, in: Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, 1996, pp. 120-128.
21. L. Garber, Denial-of-Service attacks rip the Internet, IEEE Computer 33(4) (2000), 12-17.
22. D. Gollmann, Computer Security, John Wiley & Sons, Chichester, England, 1999.
23. B. Guha and B. Mukherjee, Network security via reverse engineering of TCP code: Vulnerability analysis and proposed solutions, IEEE Network 11(4) (1997), 40-48.
24. J. Haines, D.K. Ryder, L. Tinnel and S. Taylor, Validation of sensor alert correlators, IEEE Security & Privacy 1(1) (2003), 46-56.
25. M. Handley, V. Paxson and C. Kreibich, Network intrusion detection: Evasion, traffic normalization, and end-to-end protocol semantics, in: Proceedings of the 10th USENIX Security Symposium, 2001.
26. K.J. Houle, G.M. Weaver, N. Long and R. Thomas, Trends in Denial of Service Attack Technology. CERT Coordination Center, Oct. 2001. [Online] Available: http://www.cert.org/archive/pdf/DoS_trends.pdf.
27. A. Householder, A. Manion, L. Pesante, G.M. Weaver and R. Thomas, Managing the Threat of Denial-of-Service Attacks, CERT Coordination Center, Oct. 2001.
28. J.D. Howard, An analysis of security incidents on the Internet 1989-1995, PhD dissertation, Carnegie Mellon University, April 1997.
29. C. Huitema, Routing in the Internet, 2nd edn, Prentice Hall PTR, Upper Saddle River, NJ, USA, 2000.
30. T. Killalea, Recommended Internet Service Provider Security Services and Procedures, RFC 3013, Nov. 2000.
31. Lawrence Livermore National Laboratory and Sandia National Laboratories, Intrusion detection and response, Dec. 1996. [Online] Available: http://www.all.net/journal/ntb/ids.html.
32. G. Lawton, Virus wars: Fewer attacks, new threats, IEEE Computer, 35(12) (2002), 22-24.
33. W. Lee, W. Fan, M. Miller, S.J. Stolfo and E. Zadok, Toward cost-sensitive modeling for intrusion detection and response, Journal of Computer Security 10(1-2) (2002).
34. R.P. Lippmann, D.J. Fried, I. Graf, J.W. Haines, K.R. Kendall, D. McClung, D. Weber, S.E. Webster, D. Wyschogrod, R.K. Cunningham and M.A. Zissman, Evaluating intrusion detection systems: The 1998 DARPA off-line intrusion detection evaluation, in: Proceedings of the DARPA Information Survivability Conference and Exposition, 2000.
35. R. Mahajan, S.M. Bellovin, S. Floyd, J. Ioannidis, V. Paxson and S. Shenker, Controlling high bandwidth aggregates in the network, ACM SIGCOMM Computer Communication Review 32(3) (2002), 62-73.
36. C. Manikopoulos and S. Papavassiliou, Network intrusion and fault detection: A statistical anomaly approach, IEEE Commun. Mag. 40(10) (2002), 76-82.
37. J. Mirkovic and P. Reiher, A taxonomy of DDoS attack and DDoS defense mechanisms, ACM SIGCOMM Computer Communication Review 34(2) (2004), 39-53.
38. J. Mölsä, Effectiveness of rate-limiting in mitigating flooding DoS attacks, in: Proceedings of the Third IASTED International Conference on Communications, Internet, and Information Technology at St. Thomas, US Virgin Islands, M.H. Hamza, ed., ACTA Press, Anaheim, CA, USA, 2004, pp. 155-160.
39. J. Mölsä, Mitigating DoS attacks against the DNS with dynamic TTL values, in: Proceedings of the Ninth Nordic Workshop on Secure IT Systems, S. Liimatainen and T. Virtanen, eds, Espoo, Finland, 2004, pp. 118-124.
40. D. Moore, V. Paxson, S. Savage, C. Shannon, S. Staniford and N. Weaver, Inside the Slammer worm, IEEE Security & Privacy 1(4) (2003), 33-39.
41. D. Moore, C. Shannon and J. Brown, Code-Red: a case study on the spread and victims of an Internet worm, in: Proceedings of the Internet Measurement Workshop, Marseille, France, 2002.
42. D. Moore, C. Shannon, G.M. Voelker and S. Savage, Internet quarantine: Requirements for containing self-propagating code, in: Proceedings of the IEEE Infocom, 2003.
43. D. Moore, G.M. Voelker and S. Savage, Inferring Internet denial-of-service activity, in: Proceedings of the 10th USENIX Security Symposium, Washington, DC, 2001.
44. P. Mueller and G. Shipley, Dragon claws its way to the top, Network Computing (August 20) (2001) 45-67.
45. B. Mukherjee, L.T. Heberlein and K.N. Levitt, Network intrusion detection, IEEE Network 8(3) (1994), 26-41.
46. S. Northcutt and J. Novak, Network Intrusion Detection, 3rd edn, New Riders Publishing, Indiana, IN, 2002.
47. P. Papadimitratos and Z.J. Haas, Securing the Internet routing infrastructure, IEEE Commun. Mag. 40(10) (2002), 60-68.
48. V. Paxson, Bro: A system for detecting network intruders in real-time, Computer Networks 31(23-24) (1999), 2435-2463.
49. V. Paxson, An analysis of using reflectors for distributed denial-of-service attacks, ACM SIGCOMM Computer Communication Review 31(3) (2001).
50. T.H. Ptacek and T.N. Newsham, Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection, Secure Networks, Inc., 1998.
51. J. Reason, Managing the Risks of Organizational Accidents, Ashgate Publishing Company, Burlington, USA, 1997.
52. C.L. Schuba, I.V. Krsul, M.G. Kuhn, E.H. Spafford, A. Sundaram and D. Zamboni, Analysis of a Denial of Service attack on TCP, in: Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, 1997, pp. 208-223. [Online] Available: https://www.cerias.purdue.edu/techreports-ssl/public/97-06.ps.
53. SecuriTeam, Kiss of Death - a new Denial of Service attack, 1999.
54. D. Senie, Changing the Default for Directed Broadcasts in Routers, RFC 2644, 1999.
55. C. Shannon and D. Moore, The spread of the Witty worm, CAIDA, Tech. Rep., 2004.
56. C. Shannon, D. Moore and K.C. Claffy, Beyond folklore: Observations on fragmented traffic, IEEE/ACM Trans. Networking 10(6) (2002) 709-720.
57. S. Staniford, V. Paxson and N. Weaver, How to Own the Internet in your spare time, in: Proceedings of the 11th USENIX Security Symposium, San Francisco, CA, 2002.
58. D. Sterne, K. Djahandari, B. Wilson, B. Babson, D. Schnackenberg, H. Holliday and T. Reid, Autonomic response to distributed Denial of Service attacks, in: Proceedings of Recent Advances in Intrusion Detection, 4th International Symposium, Davis, CA, 2001, pp. 134-149.
59. R. Stone, Centertrack: An IP overlay network for tracking DoS floods, in: Proceedings of the 9th USENIX Security Symposium, Denver, CO, 2000.
60. US Department of Homeland Security, Critical infrastructure, glossary of terms and acronyms.
61. C.D. Wickens and J.G. Hollands, Engineering Psychology and Human Performance, 3rd edn, Prentice Hall, Upper Saddle River, NJ, USA, 2000.
62. M.M. Williamson, Throttling viruses: Restricting propagation to defeat malicious mobile code, HP laboratories, Bristol, Tech. Rep. HPL-2002-172, June 2002.
63. J.M. Wing, A call to action: Look beyond the horizon, IEEE Security & Privacy 1(6) (2003), 62-67.
64. Y. Zhang and V. Paxson, Detecting backdoors, in: Proceedings of the 9th USENIX Security Symposium, Denver, CO, 2000.
65. Y. Zhang and V. Paxson, Detecting stepping stones, in: Proceedings of the 9th USENIX Security Symposium, Denver, CO, 2000.