Fixed spoofing different from the other two spoofing


Fixed Spoofing

Different from the other two spoofing techniques, the spoofed address is the address of the target. For example, an attacker performing a smurf attack spoofs the victim's address so that ICMP ECHO packets will be reflected to the victim.

Target

Although most DoS attacks work via exhausting resources, the actual target to deny services varies. The target could be the server application, the network access, or the network infrastructure.

Server Application

An application attack targets a given application on the victim (normally a server), thus preventing legitimate clients from using the service and possibly tying up resources of the host machine. Nevertheless, if the victim can well separate the resources for different applications.

DDOS DEFENSES IN THE INTERNET:

In this section, we overview products that have been deployed, with an emphasis on their functionalities and principles. Then, we will focus our discussion on recent defense technologies proposed by researchers, and categorize them according to where they could be deployed.

Defense Technologies in Deployment:

In response to DDoS attacks, a variety of commercial products have been developed and deployed by networking and security manufacturers, mainly including intrusion detection systems (IDSs), firewalls and security enhanced routers. These devices are normally deployed between the Internet and servers so that they can monitor incoming and outgoing traffic and take appropriate actions to protect servers. Fundamental technologies inside these devices include traffic analysis, access control, packet filtering, address blocking, and redundancy.

IDSs typically log incoming traffic and compute statistics from traffic traces. For example, Cisco IOS NetFlow (CISCO 2006a) can account for network traffic and usage and provide valuable information about network users and applications, peak usage times, and traffic routing. Traffic traces and statistics can be compared to baseline traffic profiles to identify potential DoS attacks. In the past, most DDoS attacks caught attention due to abnormal conditions of the victim network, such as high traffic volume targeting a certain port, slowing down of target servers, or high drop rates of service requests. In addition, well-known DoS attack signatures (e.g. TCP SYN flooding) can also be captured to raise alerts.

Although a few practical solutions and products have been deployed, many problems still exist. First, it is hard to distinguish flash crowds from flooding traffic. For example, firewalls may not prevent attacks against port 80 (web service) of servers, because many packets are just web surfing traffic to the web sites hosted by the target servers. Second, when flooding traffic is mitigated through filtering and rate-limiting mechanisms, some portion of the legitimate traffic may also be discarded. Access control lists may be set up based on wrong information as well, because flooding packets may spoof addresses. Third, firewalls and routers can be easily overwhelmed
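
The baseline comparison and signature check described above can be sketched as follows. This is an added example, not part of the original document: the flow-record layout, thresholds and all sample data are constructed assumptions, and it shows why a volume threshold alone flags a flash crowd as well as a flood.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed baseline: packets per minute per destination port on normal days.
BASELINE = {80: [900, 1100, 1000, 950, 1050]}

# Constructed one-minute windows of flow records (assumed layout):
# (src_ip, dst_port, packets, syn_packets, ack_packets)
NORMAL = [("192.0.2.%d" % i, 80, 40, 2, 38) for i in range(1, 26)]
FLASH_CROWD = [("198.51.100.%d" % i, 80, 40, 2, 38) for i in range(1, 51)]
SYN_FLOOD = [("203.0.113.%d" % i, 80, 60, 60, 0) for i in range(1, 41)]

def port_stats(flows):
    """Aggregate per destination port. Source addresses are deliberately not
    used as a key, since flooding packets may carry spoofed addresses."""
    stats = defaultdict(lambda: {"packets": 0, "syn": 0, "ack": 0})
    for _src, port, pkts, syn, ack in flows:
        stats[port]["packets"] += pkts
        stats[port]["syn"] += syn
        stats[port]["ack"] += ack
    return stats

def detect(flows, baseline, k=3.0, syn_ratio=3.0):
    """Return {port: [reasons]} for ports that deviate from the baseline
    (mean + k standard deviations) or match a SYN-flood signature."""
    alerts = {}
    for port, s in port_stats(flows).items():
        reasons = []
        history = baseline.get(port)
        if history and s["packets"] > mean(history) + k * pstdev(history):
            reasons.append("volume")
        # Signature: SYNs far outnumber ACKs, i.e. handshakes never complete.
        if s["syn"] > syn_ratio * max(s["ack"], 1):
            reasons.append("syn_flood")
        if reasons:
            alerts[port] = reasons
    return alerts

if __name__ == "__main__":
    for name, window in (("normal", NORMAL), ("flash crowd", FLASH_CROWD),
                         ("syn flood", SYN_FLOOD)):
        print(name, detect(window, BASELINE))
```

Both the flash crowd and the flood exceed the volume threshold on port 80; only the flood also matches the signature, so an alert on volume alone needs a second indicator before filtering or rate-limiting is applied.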
