Abstract

In Chap. 1, we introduced the serious consequences that a Denial of Service (DoS) attack could have for our society, which is increasingly reliant on information and the systems used to store, process, and communicate that information. However, the DoS problem has various dimensions and definitions.

Notes

  1. Readers who are interested in the details of the taxonomy of DDoS should refer to the paper by Mirkovic and Reiher [44].

  2. http://secunia.com/advisories/38256

  3. http://ha.ckers.org/slowloris/

References

  1. Wang, P., S. Sparks, and C.C. Zou. 2010. An advanced hybrid peer-to-peer botnet. IEEE Transactions on Dependable and Secure Computing 7(2): 113–127. http://www.3gpp.org/tsg_sa/WG3_Security/TSGS3_15_Washington/Docs/PDF/S3-000571.pdf. Accessed 16 Feb 2011.

  2. Arce, I., and E. Levy. 2003. An analysis of the slapper worm. IEEE Security & Privacy 1(1): 82–87.

  3. Bächer, P., T. Holz, M. Kötter, and G. Wicherski. 2008. Honeynet project: Know your enemy: Tracking botnets. http://www.honeynet.org/papers/bots. Accessed 8 Feb 2009.

  4. Banks, Z. 2009. Slowloris HTTP denial of service. http://hackaday.com/2009/06/17/slowloris-http-denial-of-service/. Accessed 27 Jan 2011.

  5. Barford, P., and V. Yegneswaran. 2006. An inside look at botnets. In Malware detection, eds. M. Christodorescu, S. Jha, D. Maughan, D. Song, and C. Wang, Advances in Information Security, 171–191. Berlin: Springer Science+Business Media, LLC.

  6. Barlow, J. 2000. Axent releases a full tfn2k analysis. http://www.securiteam.com/securitynews/5YP0G000FS.html. Accessed 10 Feb 2009.

  7. Bradley, T. 2010. Operation payback: Wikileaks avenged by hacktivists. http://www.pcworld.com/businesscenter/article/212701/operation_payback_wikileaks_avenged_by_hacktivists.html. Accessed 28 Jan 2011.

  8. Brenner, B. 2010. Layer 7 increasingly under DDoS gun. http://www.csoonline.com/article/526263/report-layer-7-increasingly-under-ddos-gun. Accessed 27 Jan 2011.

  9. Bryan-Low, C. 2007. How legal codes can hinder hacker cases. The Wall Street Journal. Jan 17, p. A8.

  10. Computer Emergency Response Team (CERT). 1996. Denial-of-service attack via ping. http://www.cert.org/advisories/CA-1996-26.html. Accessed Aug 2004.

  11. Computer Emergency Response Team (CERT). 1996. SYN flooding attack. http://www.cert.org/advisories/CA-1996-21.html. Accessed Aug 2004.

  12. CERT/CC. 1997. Cert advisory ca-1997-28 ip denial-of-service attacks. http://www.cert.org/advisories/CA-1997-28.html. Accessed 11 Feb 2009.

  13. CERT/CC. 1998. Cert advisory ca-1998-01 smurf ip denial-of-service attacks. http://www.cert.org/advisories/CA-1998-01.html. Accessed 12 Feb 2009.

  14. Cheswick, W.R., and S.M. Bellovin. 1994. Firewalls and Internet Security: Repelling the Wily Hacker. Addison-Wesley Professional.

  15. CPNI. 2008. Advice on the sockstress vulnerabilities (FICORA 193744). Advisory, Centre for the Protection of National Infrastructure.

  16. Dittrich, D. 1999. The DoS Project’s “trinoo” distributed denial of service attack tool. http://staff.washington.edu/dittrich/misc/trinoo.analysis. Accessed 16 Feb 2011.

  17. Dittrich, D. 1999. The “stacheldraht” distributed denial of service attack tool. http://staff.washington.edu/dittrich/misc/stacheldraht.analysis. Accessed 16 Feb 2011.

  18. Dittrich, D. 1999. The “tribe flood network” distributed denial of service attack tool. http://staff.washington.edu/dittrich/misc/tfn.analysis. Accessed 16 Feb 2011.

  19. Dittrich, D., and S. Dietrich. 2007. Command and control structures in malware. The USENIX Magazine 32(6). http://www.usenix.org/publications/login/2007-12/openpdfs/dittrich.pdf. Accessed 16 Feb 2011.

  20. Garber, L. 2000. Denial-of-service attacks rip the internet. Computer 33(4): 12–17.

  21. Goodin, D. 2009. Superworm seizes 9m PCs, ‘stunned’ researchers say. http://www.theregister.co.uk/2009/01/16/9m_downadup_infections/. Accessed 16 Feb 2011.

  22. Greene, T. 2007. Storm worm strikes back at security pros. http://www.networkworld.com/news/2007/102407-storm-worm-security.html. Accessed 11 Feb 2009.

  23. Grimes, R.A. 2009. Fighting malware: An interview with Paul Ferguson. http://www.infoworld.com/d/security-central/fighting-malware-interview-paul-ferguson-447. Accessed 16 Feb 2011.

  24. Higgins, K.J. 2010. Researchers to demonstrate new attack that exploits HTTP. http://www.darkreading.com/vulnerability-management/167901026/security/attacks-breaches/228000532/index.html. Accessed 27 Jan 2011.

  25. Hund, R., M. Hamann, and T. Holz. 2008. Towards next-generation botnets. In European Conference on Computer Network Defense. EC2ND 2008, 33–40.

  26. infectionvectors.com. 2004. Agobot and the “kitchen sink”, Dublin, Ireland http://www.infectionvectors.com/vectors/Agobot_&_the_Kit-chen_Sink.pdf. Accessed 28 Jan 2011.

  27. International Telecommunication Union. 1991. Data communication networks: Open systems interconnection (OSI); security, structure and applications–security architecture for open systems interconnection for CCITT applications. Recommendation X.800, Telecommunication Standardization Sector of ITU, Geneva, Switzerland.

  28. (International Telecommunication Union) ITU. 2008. Itu botnet mitigation toolkit: Background information. Technical report.

  29. Jensen, M., N. Gruschka, and R. Herkenhöner. 2009. A survey of attacks on web services. Computer Science – R&D 24(4): 185–197.

  30. Kenny, M. 1997. Ping of death. http://insecure.org/sploits/ping-o-death.htm. Accessed 11 Feb 2009.

  31. Kuzmanovic, A., and E.W. Knightly. 2006. Low-rate TCP-targeted denial of service attacks and counter strategies. IEEE/ACM Transactions on Networking 14(4): 683–696.

  32. Labovitz, C. 2010. The internet goes to war. http://asert.arbornetworks.com/2010/12/the-internet-goes-to-war/. Accessed 28 Jan 2011.

  33. Lee, K., J. Kim, K.H. Kwon, Y. Han, and S. Kim. 2008. DDoS attack detection method using cluster analysis. Expert Systems with Applications 34(3): 1659–1665.

  34. Li, Z., A. Goyal, and Y. Chen. 2008. Honeynet-based botnet scan traffic analysis. In Botnet detection: Countering the largest security threat, eds. W. Lee, C. Wang, and D. Dagon, 25–44. Berlin: Springer.

  35. Louis, J.C., and R.E. Lee. 2011. Introduction to sockstress. http://insecure.org/stf/tcpdos/outpost24-sect-sockstress.pdf. Accessed 16 Feb 2011.

  36. Lu, W., M. Tavallaee, and A.A. Ghorbani. 2009. Automatic discovery of botnet communities on large-scale communication networks. In ACM Symposium on InformAtion, Computer and Communications Security (ASIACCS’09), 1–10, Sydney, Australia.

  37. Martin, J. 2004. Denial of service (dos) attacks. http://www.securitydocs.com/library/2616. Accessed 1 Feb 2011.

  38. McAfee. 2003. W32/spybot worm gen. http://vil.nai.com/vil/content/v_100282.htm. Accessed 13 Feb 2009.

  39. McPherson, D., C. Labovitz, M. Hollyman, J. Nazario, and G.R. Malan. 2008. Worldwide infrastructure security report. Technical report, Arbor Networks.

  40. meltman@lagged.net. 1997. The LAND attack (IP DOS). http://insecure.org/sploits/land.ip.DOS.html. Accessed 11 Feb 2009.

  41. Trend Micro. 2002. Worm_agobot.a. http://www.trendmicro.com/VINFO/VIRUSENCYCLO/default5.asp?VName=WORM_AGOBOT.A. Accessed 13 Feb 2009.

  42. Microsoft. 2003. Buffer overrun in RPC interface could allow code execution. Technical report MS03-026. http://www.microsoft.com/technet/security/bulletin/MS03-026.mspx. Accessed 28 Jan 2011.

  43. Microsoft. 2003. Unchecked buffer in windows component could cause server compromise. Technical report MS03-007. http://www.microsoft.com/technet/security/bulletin/MS03-007.mspx. Accessed 28 Jan 2011.

  44. Mirkovic, J., and P. Reiher. 2004. A taxonomy of ddos attack and ddos defense mechanisms. ACM SIGCOMM Computer Communication Review 34(2): 39–53. http://www.cis.udel.edu/sunshine/publications/ccr.pdf

  45. Mölsä, J. 2005. Mitigating denial of service attacks: A tutorial. Journal of Computer Security 13(6): 807–837.

  46. Moscaritolo, A. 2009. New style of DNS amplification can yield powerful DDoS attacks. http://www.scmagazineus.com/new-style-of-dns-amplification-can-yield-powerful-ddos-attacks/article/126839/. Accessed 16 Feb 2011.

  47. Nazario, J. 2008. Political DDoS: Estonia and beyond. In USENIX Security ’08. USENIX. http://streaming.linux-magazin.de/events/usec08/tech/archive/jnazario/.

  48. Needham, R.M. 1993. Denial of service. In The 1st ACM Conference on Computer and Communications Security, 151–153, Fairfax.

  49. Nikander, P., J. Kempf, and E. Nordmark. 2007. IPv6 neighbor discovery (ND) trust models and threats. http://www.ietf.org/rfc/rfc3756.txt. Accessed 10 Feb 2011.

  50. Padmanabhuni, S., V. Singh, K.M.S. Kumar, and A. Chatterjee. 2006. Preventing service oriented denial of service (PreSODoS): A proposed approach. In ICWS ’06: Proceedings of the IEEE International Conference on Web Services, 577–584, Washington, IEEE Computer Society.

  51. Paxson, V. 2001. An analysis of using reflectors for distributed denial-of-service attacks. ACM SIGCOMM Computer Communication Review 31(3): 38–47. http://www.icir.org/vern/papers/reflectors.CCR.01.pdf.

  52. Porras, P., H. Saidi, and V. Yegneswaran. 2007. A multi-perspective analysis of the storm (Peacomm) worm. http://www.cyber-ta.org/pubs/StormWorm/report. Accessed 16 Feb 2011.

  53. Riley, S. 2006. Configure your router to block DOS attempts. http://blogs.technet.com/steriley/archive/2006/07/10/Configure-your-router-to-block-DOS-attempts.aspx.

  54. Savage, S., N. Cardwell, D. Wetherall, and T. Anderson. 1999. TCP congestion control with a misbehaving receiver. SIGCOMM Computer Communication Review 29(5): 71–78.

  55. Sherwood, R., B. Bhattacharjee, and R. Braud. 2005. Misbehaving TCP receivers can cause internet-wide congestion collapse. In CCS ’05: Proceedings of the 12th ACM Conference on Computer and Communications Security, 383–392, New York, ACM Press.

  56. Smith, J. 2007. Denial of service: Prevention, modelling and detection. Ph.D. thesis, Information Security Institute, Queensland University of Technology, Brisbane, Australia.

  57. Spiess, K. 2007. Worm ‘Storm’ gathers strength. http://www.neoseeker.com/news/7103-worm-storm-gathers-strength/. Accessed 12 Feb 2009.

  58. Stewart, J. 2003. Sinit P2P trojan analysis. http://www.secureworks.com/research/threats/sinit/. Accessed 13 Feb 2009.

  59. Stewart, J. 2007. Storm worm DDoS attack. http://www.secureworks.com/research/threats/storm-worm/?threat=storm-worm. Accessed 11 Feb 2009.

  60. Stover, S., D. Dittrich, J. Hernandez, and S. Dietrich. 2007. Analysis of the storm and nugache trojans: P2P is here. The USENIX Magazine 32.

  61. Strayer, W.T., D. Lapsley, R. Walsh, and C. Livadas. 2008. Botnet detection based on network behavior. In Botnet detection: Countering the largest security threat, eds. vol. 36 Advances in information security, 1–24. Berlin: Springer.

  62. Symantec. 2002. Backdoor.sdbot. http://www.symantec.com/security_response/writeup.jsp?docid=2002-051312-3628-99&tabid=1. Accessed 13 Feb 2009.

  63. Terdiman, D. 2004. Solution for slashdot effect? http://www.wired.com/science/discoveries/news/2004/10/65165. Accessed 1 Feb 2011.

  64. UNIONTOWN. 2006. Student accused of trying to crash school’s computer system. http://www.wkyc.com/news/news_article.aspx?ref=RSS&storyid=45721. Accessed 16 Feb 2011.

  65. US Committee on National Security Systems. 2006. National information assurance (IA) glossary. Instruction 4009, CNSS.

  66. Vaas, L. 2007. Storm worm botnet lobotomizing anti-virus programs. http://www.eweek.com/c/a/Security/Storm-Worm-Botnet-Lobotomizing-AntiVirus-Programs/. Accessed 12 Feb 2009.

  67. Vamosi, R. 2008. Phishers now leasing the storm worm botnet. http://news.cnet.com/8301-10789_3-9847276-57.html. Accessed 11 Feb 2009.

  68. Wang, P., S. Sparks, and C.C. Zou. 2010. An advanced hybrid peer-to-peer botnet. IEEE Transactions on Dependable and Secure Computing 7(2): 113–127. http://www.3gpp.org/tsg_sa/WG3_Security/TSGS3_15_Washington/Docs/PDF/S3-000571.pdf. Accessed 16 Feb 2011.

  69. Watson, P.A. 2004. Slipping in the window: TCP reset attacks. Technical whitepaper, CanSecWest. http://cansecwest.com/core04/cansecwest04.iso.

  70. Wilson, C. 2008. Botnets, cybercrime, and cyberterrorism: Vulnerabilities and policy issues for congress. Technical report, US Dept of State. http://www.fas.org/sgp/crs/terror/RL32114.pdf. Accessed 16 Feb 2011.

  71. Yamaguchi, F. 2008. TCP denial of service vulnerabilities. http://ftp.ccc.de/congress/25c3/video_h264_720x576/25c3-2909-en-tcp_denial_of_service_vulnerabilities.mp4. Accessed 16 Feb 2011.

Corresponding author

Correspondence to G. Mohay.

Copyright information

© 2011 Springer India Pvt. Ltd.

About this chapter

Cite this chapter

Tickle, A.B. et al. (2011). Background. In: Raghavan, S., Dawson, E. (eds) An Investigation into the Detection and Mitigation of Denial of Service (DoS) Attacks. Springer, India. https://doi.org/10.1007/978-81-322-0277-6_2

  • DOI: https://doi.org/10.1007/978-81-322-0277-6_2

  • Publisher Name: Springer, India

  • Print ISBN: 978-81-322-0276-9

  • Online ISBN: 978-81-322-0277-6

  • eBook Packages: Computer Science (R0)
