论文信息 - Distributed denial of service attacks

Distributed denial of service attacks

We discuss distributed denial of service attacks in the Internet. We were motivated by the widely known February 2000 distributed attacks on Yahoo!, Amazon.com, CNN.com, and other major Web sites. A denial of service is characterized by an explicit attempt by an attacker to prevent legitimate users from using resources. An attacker may attempt to: "flood" a network and thus reduce a legitimate user's bandwidth, prevent access to a service, or disrupt service to a specific system or a user. We describe methods and techniques used in denial of service attacks, and we list possible defences. In our study, we simulate a distributed denial of service attack using ns-2 network simulator. We examine how various queuing algorithms implemented in a network router perform during an attack, and whether legitimate users can obtain desired bandwidth. We find that under persistent denial of service attacks, class based queuing algorithms can guarantee bandwidth for certain classes of input flows.

[1] Paul Ferguson,et al. Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing , 1998, RFC.

[2] Rik Farrow,et al. Distributed denial-of-service attacks , 2000, WWW 2000.

[3] Steven M. Bellovin,et al. ICMP Traceback Messages , 2003 .

[4] S. M. Bellovin,et al. Security problems in the TCP/IP protocol suite , 1989, CCRV.

[5] QUTdN QeO,et al. Random early detection gateways for congestion avoidance , 1993, TNET.

[6] C. Huegen. The Latest in Denial of Service Attacks: Smurfing , 1998 .

[7] Thomas Henry Ptacek,et al. Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection , 1998 .

[8] Van Jacobson,et al. Link-sharing and resource management models for packet networks , 1995, TNET.