
Showing papers on "Denial-of-service attack published in 2000"


Proceedings ArticleDOI
08 Oct 2000
TL;DR: It is found that under persistent denial of service attacks, class based queuing algorithms can guarantee bandwidth for certain classes of input flows.
Abstract: We discuss distributed denial of service attacks in the Internet. We were motivated by the widely known February 2000 distributed attacks on Yahoo!, Amazon.com, CNN.com, and other major Web sites. A denial of service is characterized by an explicit attempt by an attacker to prevent legitimate users from using resources. An attacker may attempt to: "flood" a network and thus reduce a legitimate user's bandwidth, prevent access to a service, or disrupt service to a specific system or a user. We describe methods and techniques used in denial of service attacks, and we list possible defences. In our study, we simulate a distributed denial of service attack using ns-2 network simulator. We examine how various queuing algorithms implemented in a network router perform during an attack, and whether legitimate users can obtain desired bandwidth. We find that under persistent denial of service attacks, class based queuing algorithms can guarantee bandwidth for certain classes of input flows.

553 citations


Book ChapterDOI
03 Apr 2000
TL;DR: In this paper, the authors show how stateless authentication protocols and the client puzzles of Juels and Brainard can be used to prevent denial of service by server resource exhaustion in open communications networks.
Abstract: Denial of service by server resource exhaustion has become a major security threat in open communications networks. Public-key authentication does not completely protect against the attacks because the authentication protocols often leave ways for an unauthenticated client to consume a server's memory space and computational resources by initiating a large number of protocol runs and inducing the server to perform expensive cryptographic computations. We show how stateless authentication protocols and the client puzzles of Juels and Brainard can be used to prevent such attacks.

409 citations




Proceedings Article
08 Dec 2000
TL;DR: A comparative analysis of several distributed denial of service tools, including Trinoo, TFN, Stacheldraht, and Mstream, look at emerging countermeasures against some of these tools and talk about future trends of these distributed tools.
Abstract: In this paper we present an analysis of Shaft, an example of malware used in distributed denial of service (DDoS) attacks. This relatively recent occurrence combines well-known denial of service attacks (such as TCP SYN flood, smurf, and UDP flood) with a distributed and coordinated approach to create a powerful program, capable of slowing network communications to a grinding halt. Denial of service attack programs, root kits, and network sniffers have been around in the computer underground for a very long time. They have not gained nearly the same level of attention by the general public as did the Morris Internet Worm of 1988, but have slowly progressed in their development. As more and more systems have come to be required for business, research, education, the basic functioning of government, and now entertainment and commerce from people's homes, the increasingly large number of vulnerable systems has converged with the development of these tools to create a situation that resulted in distributed denial of service attacks that took down the largest e-commerce and media sites on the Internet. In contrast, we provide a comparative analysis of several distributed denial of service tools (e.g., Trinoo, TFN, Stacheldraht, and Mstream) and look at emerging countermeasures against some of these tools. We look at practical examples of these techniques, provide some examples from test environments and finally talk about future trends of these distributed tools.

146 citations


Book ChapterDOI
02 Oct 2000
TL;DR: In this paper, the authors describe an experimental system based on the Common Intrusion Detection Framework (CIDF), where multiple IDSs can exchange attack information to detect distributed intrusions.
Abstract: As the recent distributed Denial-of-Service (DDOS) attacks on several major Internet sites have shown us, no open computer network is immune from intrusions. Furthermore, intrusion detection systems (IDSs) need to be updated timely whenever a novel intrusion surfaces; and geographically distributed IDSs need to cooperate to detect distributed and coordinated intrusions. In this paper, we describe an experimental system, based on the Common Intrusion Detection Framework (CIDF), where multiple IDSs can exchange attack information to detect distributed intrusions. The system also includes an ID model builder, where a data mining engine can receive audit data of a novel attack from an IDS, compute a new detection model, and then distribute it to other IDSs. We describe our experiences in implementing such a system and the preliminary results of deploying the system in an experimental network.

132 citations


Book
01 Oct 2000
TL;DR: Hacking Exposed: Network Security Secrets & Solutions, Second Edition brings even more in-depth insight into how hackers infiltrate e-business, and how they can be stopped.
Abstract: From the Publisher: This one-of-a-kind book provides in-depth expert insight into how hackers infiltrate e-business, and how they can be stopped. In today's round-the-clock, hyper-connected, all-digital economy, computer security is everyone's business. Hacking Exposed: Network Security Secrets & Solutions, Second Edition brings even more in-depth insight into how hackers infiltrate e-business, and how they can be stopped. Security insiders Stuart McClure, Joel Scambray, and George Kurtz present more than 220 all-new pages of technical detail and case studies in an easy-to-follow style. The world of Internet security moves even faster than the digital economy, and all of the brand-new tools and techniques that have surfaced since the publication of the best-selling first edition are covered here. Use the real-world countermeasures in this one-of-a-kind volume to plug the holes in your network today, before they end up in the headlines tomorrow. New and Updated Material: Brand new "Hacking the Internet User" chapter covers insidious Internet client attacks against web browsers, email software, and active content, including the vicious new Outlook email date field buffer overflow and ILOVEYOU worms. A huge new chapter on Windows 2000 attacks and countermeasures covers offline password database attacks and Encrypting File System (EFS) vulnerabilities. Coverage of all the new Distributed Denial of Service (DDoS) tools and techniques that almost broke down the Internet in February 2000 (Trinoo, TFN2K, Stacheldraht). Significantly updated e-commerce hacking methodologies including new IIS and Cold Fusion vulnerabilities. A revised and updated dial-up chapter with new material on PBX and voicemail system hacking. New network discovery tools and techniques, including an updated section on Windows-based scanners, how to carry out eavesdropping attacks on switched networks using ARP redirection, and RIP spoofing attacks. Coverage of new back doors and forensic techniques, including defenses against Win9x back doors like Sub7. Updated coverage of security attacks against Windows 9x, Windows Me, Windows 2000, Windows NT, UNIX, Linux, NetWare, and dozens of other platforms, with appropriate countermeasures.

131 citations


Journal ArticleDOI
TL;DR: A brief introduction to network weaknesses that DDoS attacks exploit; the technological futility of addressing the problem solely at the local level; potential global solutions; and why global solutions require an economic incentive framework are given.
Abstract: Security experts generally acknowledge that the long-term solution to distributed denial of service attacks is to increase the security level of Internet computers. Attackers would then be unable to find zombie computers to control. Internet users would also have to set up globally coordinated filters to stop attacks early. However, the critical challenge in these solutions lies in identifying the incentives for the Internet's tens of millions of independent companies and individuals to cooperate on security and traffic control issues that do not appear to directly affect them. We give a brief introduction to: network weaknesses that DDoS attacks exploit; the technological futility of addressing the problem solely at the local level; potential global solutions; and why global solutions require an economic incentive framework.

124 citations


Patent
Michael Lyle1
14 Jul 2000
TL;DR: In this paper, a system and method are disclosed for determining whether a sender (120 a-d) seeking to send a message to a receiving computer (102) via a network is an authorized sender.
Abstract: A system and method are disclosed for determining whether a sender (120 a-d) seeking to send a message to a receiving computer (102) system via a network is an authorized sender. A request to communicate is received from the sender (120 a-d). A number N1 is selected. A hash value for the number N1 is calculated. The hash value is sent to the sender (120 a-d).

95 citations
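The stateless-authentication/client-puzzle paper listed above (03 Apr 2000) and this patent rest on the same idea: the client must commit work before the server commits memory. The following is an added example, not code from that paper or from the patent. The server derives every puzzle nonce with HMAC-SHA256 from a server secret, the client identifier and a time slot, so it stores nothing per client and simply recomputes the nonce when a solution comes back. The puzzle rule (find x such that SHA-256(nonce || x) has k leading zero bits), the 60-second slot and the client identifiers are assumptions of this example; replay tracking of accepted solutions is noted in a comment but not implemented.

```python
import hashlib
import hmac
import time

# Added example (not code from the papers or patent listed on this page):
# a client puzzle in the Juels-Brainard style issued by a server that keeps no
# per-client state. The only server-side secret is `secret`; every puzzle nonce
# is an HMAC over (client identifier, time slot), so the server can regenerate
# it at verification time instead of remembering which puzzles it handed out.
# Puzzle rule (assumption for this example): find an 8-byte x such that
# SHA-256(nonce || x) has `bits` leading zero bits.

SLOT_SECONDS = 60  # assumed lifetime of one puzzle epoch


def _puzzle_hash(nonce: bytes, solution: int) -> bytes:
    return hashlib.sha256(nonce + solution.to_bytes(8, "big")).digest()


def has_leading_zero_bits(digest: bytes, bits: int) -> bool:
    """True if the first `bits` bits of the 256-bit digest are zero."""
    return int.from_bytes(digest, "big") >> (256 - bits) == 0


class PuzzleServer:
    def __init__(self, secret: bytes, slot_seconds: int = SLOT_SECONDS):
        self._secret = secret
        self._slot_seconds = slot_seconds

    def _slot(self, now: float) -> int:
        return int(now) // self._slot_seconds

    def _nonce(self, client_id: bytes, slot: int) -> bytes:
        # Recomputable from the secret alone: no table of outstanding puzzles.
        msg = client_id + b"|" + slot.to_bytes(8, "big")
        return hmac.new(self._secret, msg, "sha256").digest()

    def issue(self, client_id: bytes, now: float):
        """Return (nonce, slot) for the client; the server stores nothing."""
        slot = self._slot(now)
        return self._nonce(client_id, slot), slot

    def verify(self, client_id: bytes, slot: int, bits: int, solution: int, now: float) -> bool:
        """Accept a solution only for the current or the previous slot."""
        if self._slot(now) - slot not in (0, 1):
            return False  # stale puzzle: solutions cannot be stockpiled
        nonce = self._nonce(client_id, slot)
        # A production server would also remember accepted (client, slot,
        # solution) triples for the slot lifetime so a solution cannot be replayed.
        return has_leading_zero_bits(_puzzle_hash(nonce, solution), bits)


def solve(nonce: bytes, bits: int) -> int:
    """Client side: brute-force search, about 2**bits hash evaluations on average."""
    solution = 0
    while not has_leading_zero_bits(_puzzle_hash(nonce, solution), bits):
        solution += 1
    return solution


if __name__ == "__main__":
    server = PuzzleServer(b"server-secret-rotate-me")   # constructed secret
    now = time.time()
    nonce, slot = server.issue(b"192.0.2.7:40001", now)  # constructed client id
    start = time.perf_counter()
    x = solve(nonce, 16)
    print(f"solved in {time.perf_counter() - start:.2f}s after {x + 1} hashes")
    print("accepted:", server.verify(b"192.0.2.7:40001", slot, 16, x, now))
```

The asymmetry is the point: each puzzle costs the server two HMAC/SHA-256 evaluations and no memory, while the client pays roughly 2^k hashes, and raising k under load is a one-line knob.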


Proceedings ArticleDOI
01 Nov 2000
TL;DR: Router Stamping would help to identify the source of Denial of Service attacks, provided that a significant percentage of packets are sent from one subnet, and imposes only a small increase in the size of the packet header.
Abstract: Denial of Service and Distributed Denial of Service attacks have cost millions of dollars to online companies. Unfortunately, these attacks are particularly difficult to stop since hackers are able to hide their IP address by IP spoofing, so that it is often impossible to identify their location. Our proposal, Router Stamping, would help to identify the source of Denial of Service attacks, provided that a significant percentage of packets are sent from one subnet. In accomplishing this, Router Stamping imposes only a small increase in the size of the packet header. In addition, it is easy to implement and maintain, and it can function in the presence of some noncompliant or malicious routers.

94 citations


Book ChapterDOI
22 Aug 2000
TL;DR: A number of protocol design principles are identified as essential in designing network denial of service resistant protocols, and examples are provided on applying the principles.
Abstract: Networked and distributed systems have introduced a new significant threat to the availability of data and services: network denial of service attacks. A well known example is the TCP SYN flooding. In general, any stateful handshake protocol is vulnerable to similar attacks. This paper examines the network denial of service in detail and surveys and compares different approaches towards preventing the attacks. As a conclusion, a number of protocol design principles are identified as essential in designing network denial of service resistant protocols, and examples are provided on applying the principles.

94 citations
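The SYN flood named above is the textbook case of a stateful handshake being exhausted, and SYN cookies are the standard stateless answer. As an added example, not code from the paper, the following simulates a backlog-bounded stateful listener and a SYN-cookie listener under a flood of spoofed SYNs that never complete the handshake, then checks whether one legitimate client can still connect. The 32-bit cookie layout (5-bit epoch counter plus 27 bits of a truncated HMAC-SHA256; the MSS field of real SYN cookies is omitted), the 64-second epoch and all addresses are assumptions of the example.

```python
import hmac
import secrets

# Added example, not code from the paper above: a stateful TCP-style listener
# beside a SYN-cookie-style stateless one, under a SYN flood from spoofed
# sources that never complete the handshake. Addresses and ports are constructed
# for the simulation. The cookie layout is a simplification of real SYN cookies
# (5-bit time counter + 27-bit MAC; the MSS encoding is omitted).


class StatefulListener:
    """Classic handshake: one half-open entry per SYN, bounded by `backlog`."""

    def __init__(self, backlog: int):
        self.backlog = backlog
        self.half_open = {}        # (src, sport) -> server ISN
        self.established = set()
        self.dropped_syns = 0

    def on_syn(self, src, sport, client_isn, now):
        if len(self.half_open) >= self.backlog:
            self.dropped_syns += 1  # backlog exhausted: legitimate SYNs die here
            return None
        server_isn = secrets.randbits(32)
        self.half_open[(src, sport)] = server_isn
        return server_isn

    def on_ack(self, src, sport, seq, ack, now):
        server_isn = self.half_open.pop((src, sport), None)
        if server_isn is None or ack != (server_isn + 1) & 0xFFFFFFFF:
            return False
        self.established.add((src, sport))
        return True


class StatelessListener:
    """SYN-cookie handshake: the server ISN *is* the state, protected by a MAC."""

    COUNTER_SECONDS = 64   # cookie epoch; the 5-bit counter wraps every 32 epochs

    def __init__(self, secret: bytes):
        self._secret = secret
        self.established = set()

    def _counter(self, now):
        return (int(now) // self.COUNTER_SECONDS) & 0x1F

    def _cookie(self, src, sport, client_isn, counter):
        msg = f"{src}|{sport}|{client_isn}|{counter}".encode()
        mac = hmac.new(self._secret, msg, "sha256").digest()
        return (counter << 27) | (int.from_bytes(mac[:4], "big") & 0x07FFFFFF)

    def on_syn(self, src, sport, client_isn, now):
        # Nothing is stored; a flood of SYNs costs one HMAC each and no memory.
        return self._cookie(src, sport, client_isn, self._counter(now))

    def on_ack(self, src, sport, seq, ack, now):
        cookie = (ack - 1) & 0xFFFFFFFF
        counter = cookie >> 27
        if (self._counter(now) - counter) % 32 not in (0, 1):
            return False                        # cookie older than two epochs
        client_isn = (seq - 1) & 0xFFFFFFFF     # the ACK's seq is client ISN + 1
        expected = self._cookie(src, sport, client_isn, counter)
        if not hmac.compare_digest(expected.to_bytes(4, "big"), cookie.to_bytes(4, "big")):
            return False
        self.established.add((src, sport))
        return True


def legitimate_client_connects(listener, spoofed_syns: int, now: float = 1000.0) -> bool:
    """Flood with `spoofed_syns` never-completed SYNs, then try one real handshake."""
    for i in range(spoofed_syns):
        listener.on_syn(f"203.0.113.{i % 256}", 1024 + i, (i * 7919) & 0xFFFFFFFF, now)
    client_isn = 12345
    server_isn = listener.on_syn("192.0.2.10", 40000, client_isn, now)
    if server_isn is None:
        return False
    return listener.on_ack("192.0.2.10", 40000, seq=client_isn + 1, ack=server_isn + 1, now=now + 1)


if __name__ == "__main__":
    print("stateful  :", legitimate_client_connects(StatefulListener(backlog=128), 1000))
    print("stateless :", legitimate_client_connects(StatelessListener(b"secret"), 1000))
```

The price of statelessness shows in the listener too: the server cannot retransmit its SYN-ACK or carry TCP options it has not encoded in the cookie, which is why real stacks only switch to cookies once the backlog is under pressure.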


Patent
21 Jun 2000
TL;DR: In this article, a method and apparatus for preventing denial of service type attacks on data networks is described, which involves scanning the contents of the data packets flowing over the data network using a traffic flow scanning engine.
Abstract: A method and apparatus for preventing denial of service type attacks on data networks is described. The method involves scanning the contents of the data packets flowing over the data network using a traffic flow scanning engine. The data packets are reordered and reassembled and then the payload contents are scanned to determine whether they conform to predetermined requirements. Data packets which do not reorder or reassemble correctly or which do not conform to the predetermined requirements may be dropped. Dropping packets which do not reorder or reassemble correctly or which do not conform to the predetermined requirements prevents denial of service attacks which exploit bugs in the TCP/IP implementation or shortcomings in the TCP/IP specification. The traffic flow scanning engine is further operable to determine whether the data packets are associated with validated traffic flows. Those data packets associated with validated traffic flows are assigned to a higher priority while those not associated with a validated traffic flow are assigned to a low priority, which may occupy no more than a predetermined maximum of the available bandwidth. Assigning data packets associated with a non-validated traffic flow to a low priority prevents brute force type denial of service attacks designed to clog networks.

01 Jan 2000
TL;DR: This paper gives an introduction to the concept of Radio Jamming and explores jamming resistance of two popular mobile networks: GSM and WLAN.
Abstract: The dependence on Mobile Networks is growing. The success of the Internet was followed by Denial of Service attacks. What if the same happens to Mobile Networks? This paper gives an introduction to the concept of Radio Jamming and explores jamming resistance of two popular mobile networks: GSM and WLAN. Radio interfaces of the two systems are analysed and effective jamming-to-noise ratios are calculated. Based on the results, suggestions on how to increase the jamming resistance of the networks are given.

ReportDOI
14 Feb 2000
TL;DR: The intent of this paper is to help sites not to be involved in a DDoS attack by discussing how these DDoS tools work, how to detect them, and specific technical information on each individual tool.
Abstract: One type of attack on computer systems is known as a Denial of Service (DoS) attack. A DoS attack is designed to prevent legitimate users from using a system. Traditional Denial of Service attacks are done by exploiting a buffer overflow, exhausting system resources, or exploiting a system bug that results in a system that is no longer functional. In the summer of 1999, a new breed of attack was developed called Distributed Denial of Service (DDoS) attack. Several educational and high capacity commercial sites have been affected by these DDoS attacks. A DDoS attack uses multiple machines operating in concert to attack a network or site. There is very little that can be done if you are the target of a DDoS. The nature of these attacks causes so much extra network traffic that it is difficult for legitimate traffic to reach your site while blocking the forged attacking packets. The intent of this paper is to help sites not be involved in a DDoS attack. The first tools developed to perpetrate the DDoS attack were Trin00 and Tribe Flood Network (TFN). They spawned the next generation of tools called Tribe Flood Network 2000 (TFN2K) and Stacheldraht (German for Barb Wire). These DDoS attack tools are designed to bring one or more sites down by flooding the victim with large amounts of network traffic originating at multiple locations and remotely controlled by a single client. This paper discusses how these DDoS tools work, how to detect them, and specific technical information on each individual tool. It is written with the system administrator in mind. It assumes that the reader has basic knowledge of the TCP/IP Protocol.

Proceedings ArticleDOI
14 Nov 2000
TL;DR: It is demonstrated that a hacker can utilize a DDoS attack tool to control an "uncompromised" router to emulate dropping attacks, and this proves that dropping attacks are indeed practically very possible to happen in today's Internet environment.
Abstract: Among various types of denial of service attacks, "dropping attack" is probably the most difficult one to handle. This paper explores the negative impacts of packet dropping attacks and a method to detect such attacks. First, three dropping patterns are classified and investigated. We demonstrate that attackers can choose different dropping patterns to degrade TCP service to different levels, and selectively dropping a very small number of packets can result in severe damage to TCP performance. Second, we show that a hacker can utilize a DDoS attack tool to control an "uncompromised" router to emulate dropping attacks. This proves that dropping attacks are indeed practically very possible to happen in today's Internet environment. Third, we present a statistical analysis module for the detection of TCP packet dropping attacks. Three measures, session delay, the position and the number of packet reorderings, have been implemented in the statistical module. This paper has evaluated and compared their detection performance.


Patent
14 Mar 2000
TL;DR: In this article, a method and apparatus for responding to denial of service attacks is proposed, where new session requests are selectively passed to the device. But it does not specify how to distinguish between new and non-new session requests.
Abstract: A method and apparatus for responding to denial of service attacks. Rather than a firewall or other device either denying all new session requests or denying no new session requests (and, albeit, dropping then-pending session requests), new session requests are selectively passed to the device.

Journal ArticleDOI
01 Oct 2000
TL;DR: This work presents an IDS architecture that is resistant to denial-of-service (DOS) attacks, and frustrates attackers by making IDS components invisible to attackers’ normal means of “seeing” in a network.
Abstract: As the capabilities of intrusion detection systems (IDSs) advance, attackers may disable organizations’ IDSs before attempting to penetrate more valuable targets. To counter this threat, we present an IDS architecture that is resistant to denial-of-service (DOS) attacks. The architecture frustrates attackers by making IDS components invisible to attackers’ normal means of “seeing” in a network. Upon a successful attack, the architecture allows IDS components to relocate from attacked hosts to operational hosts thereby mitigating the attack. These capabilities are obtained by using mobile agent technology, utilizing network topology features, and by restricting the communication allowed between different types of IDS components.

Journal ArticleDOI
TL;DR: This paper describes serious attacks against IP control and management protocols with an accent on the ICMP protocol, as well as some of the well-known vulnerabilities of the inter-domain routing protocols.

01 Jan 2000
TL;DR: A survey of the literature on designing denial of service resistant communication protocols is presented, and several different types of resources vulnerable to resource consumption attacks are considered, and countermeasures against such attacks are outlined.
Abstract: Network denial of service attacks have become a widespread problem on the Internet. However, denial of service is often considered to be an implementation issue by protocol designers. In this paper I present a survey of the literature on designing denial of service resistant communication protocols. I consider several different types of resources vulnerable to resource consumption attacks, and outline countermeasures against such attacks. I also describe how these countermeasures are used in the ISAKMP/IKE and Photuris protocols, and give an overview of design recommendations for future protocols.


Proceedings ArticleDOI
24 Sep 2000
TL;DR: An architecture for a stateful inspection module that overcomes the security and performance problems of Firewall-1 and protects against SYN flooding and firewall saturation denial of service attacks and preserves at the same time a high throughput.
Abstract: Packet filtering firewalls have evolved over the 1990s through a series of generations. Stateful inspection represents the climax of this evolution. This paper describes the security vulnerabilities and performance degradation inherent in the inspection module architecture of one of the leading firewalls in the market: Firewall-1 developed by Check Point. The paper proposes an architecture for a stateful inspection module that overcomes the security and performance problems. The proposed architecture protects against SYN flooding and firewall saturation denial of service attacks and preserves at the same time a high throughput.

Book
01 Nov 2000
TL;DR: This book's table of contents covers securing Linux systems (password hygiene, turning off unneeded services, firewalls, hardening), the common attacks against them (packet spoofing, SYN floods, smurf and fraggle storms, buffer overflows, distributed denial of service), and preparing for, detecting and recovering from an intrusion.
Abstract: List of Figures. List of Tables. Foreword. Acknowledgments. About the Author.
1. Introduction. Introduction to the Second Edition. Who Should Read This Book? How This Book Is Organized. What Are You Protecting? Who Are Your Enemies? What They Hope to Accomplish. Costs: Protection versus Break-Ins. Protecting Hardware. Protecting Network and Modem Access. Protecting System Access. Protecting Files. Preparing for and Detecting an Intrusion. Recovering from an Intrusion.
I. SECURING YOUR SYSTEM.
2. Quick Fixes for Common Problems. Understanding Linux Security. The Seven Most Deadly Sins. Passwords: A Key Point for Good Security. Advanced Password Techniques. Protecting the System from User Mistakes. Forgiveness Is Better than Permission. Dangers and Countermeasures During Initial System Setup. Limiting Unreasonable Access. Firewalls and the Corporate Moat. Turn Off Unneeded Services. High Security Requires Minimum Services. Replace These Weak Doors with Brick. New Lamps for Old. United We Fall, Divided We Stand.
3. Quick and Easy Hacking and How to Avoid It. X Marks the Hole. Law of the Jungle-Physical Security. Physical Actions. Selected Short Subjects. Terminal Device Attacks. Disk Sniffing.
4. Common Hacking by Subsystem. NFS, mountd, and portmap. Sendmail. Telnet. FTP. The rsh, rcp, rexec, and rlogin Services. DNS (named, a.k.a. BIND). POP and IMAP Servers. Doing the Samba. Stop Squid from Inking Out Their Trail. The syslogd Service. The print Service (lpd). The ident Service. INND and News. Protecting Your DNS Registration.
5. Common Hacker Attacks. Rootkit Attacks (Script Kiddies). Packet Spoofing Explained. SYN Flood Attack Explained. Defeating SYN Flood Attacks. Defeating TCP Sequence Spoofing. Packet Storms, Smurf Attacks, and Fraggles. Buffer Overflows or Stamping on Memory with gets(). Spoofing Techniques. Man-in-the-Middle Attack.
6. Advanced Security Issues. Configuring Netscape for Higher Security. Stopping Access to I/O Devices. Scouting Out Apache (httpd) Problems. Special Techniques for Web Servers. One-Way Credit Card Data Path for Top Security. Hardening for Very High Security. Restricting Login Location and Times. Obscure but Deadly Problems. Defeating Login Simulators. Stopping Buffer Overflows with Libsafe.
7. Establishing Security Policies. General Policy. Personal Use Policy. Accounts Policy. E-Mail Policy. Instant Messenger (IM) Policy. Web Server Policy. File Server and Database Policy. Firewall Policy. Desktop Policy. Laptop Policy. Disposal Policy. Network Topology Policy. Problem Reporting Policy. Ownership Policy. Policy Policy.
8. Trusting Other Computers. Secure Systems and Insecure Systems. Trust No One-The Highest Security. Linux and UNIX Systems Within Your Control. Mainframes Within Your Control. A Window Is Worth a Thousand Cannons. Firewall Vulnerabilities. Virtual Private Networks. Viruses and Linux.
9. Gutsy Break-Ins. Mission Impossible Techniques. Spies. Fanatics and Suicide Attacks.
10. Case Studies. Confessions of a Berkeley System Mole. Knights of the Realm (Forensics). Ken Thompson Cracks the Navy. The Virtual Machine Trojan. AOL's DNS Change Fiasco. I'm Innocent, I Tell Ya! Cracking with a Laptop and a Pay Phone. Take a Few Cents off the Top. Nonprofit Organization Runs Out of Luck. Persistence with Recalcitrant SysAdmins Pays Off. Net Shipped with Nimda.
11. Recent Break-Ins. Fragmentation Attacks. IP Masquerading Fails for ICMP. The Ping of Death Sinks Dutch Shipping Company. Captain, We're Being Scanned! (Stealth Scans). Cable Modems: A Cracker's Dream. Using Sendmail to Block E-Mail Attacks. Sendmail Account Guessing. The Mysterious Ingreslock. You're Being Tracked. Distributed Denial of Service (Coordinated) Attacks. Stealth Trojan Horses. Linuxconf via TCP Port 98. Evil HTML Tags and Script. Format Problems with syslog().
II. PREPARING FOR AN INTRUSION.
12. Hardening Your System. Protecting User Sessions with SSH. Virtual Private Networks (VPNs). Pretty Good Privacy (PGP). Using GPG to Encrypt Files the Easy Way. Firewalls with IP Tables and DMZ. Firewalls with IP Chains and DMZ.
13. Preparing Your Hardware. Timing Is Everything. Advanced Preparation. Switch to Auxiliary Control (Hot Backups).
14. Preparing Your Configuration. TCP Wrappers. Adaptive Firewalls: Raising the Drawbridge with the Cracker Trap. Ending Cracker Servers with a Kernel Mod. Fire Drills. Break into Your Own System with Tiger Teams.
15. Scanning Your Own System. The Nessus Security Scanner. The SARA and SAINT Security Auditors. The nmap Network Mapper. The Snort Attack Detector. Scanning and Analyzing with SHADOW. John the Ripper. Store the RPM Database Checksums.
III. DETECTING AN INTRUSION.
16. Monitoring Activity. Log Files. Log Files: Measures and Countermeasures. Using Logcheck to Check Log Files You Never Check. Using PortSentry to Lock Out Hackers. HostSentry. Paging the SysAdmin: Cracking in Progress! An Example for Automatic Paging. Building on Your Example for Automatic Paging. Paging telnet and rsh Usage. Using Arpwatch to Catch ARP and MAC Attacks. Monitoring Port Usage. Monitoring Attacks with Ethereal. Using tcpdump to Monitor Your LAN. Monitoring the Scanners with Deception Tool Kit (DTK). Monitoring Processes. Cron: Watching the Crackers. Caller ID.
17. Scanning Your System for Anomalies. Finding Suspicious Files. Tripwire. Detecting Deleted Executables. Detecting Promiscuous Network Interface Cards. Finding Promiscuous Processes. Detecting Defaced Web Pages Automatically.
IV. RECOVERING FROM AN INTRUSION.
18. Regaining Control of Your System. Finding the Cracker's Running Processes. Handling Running Cracker Processes. Drop the Modems, Network, Printers, and System.
19. Finding and Repairing the Damage. Check Your /var/log Logs. The syslogd and klogd Daemons. Remote Logging. Interpreting Log File Entries. Check Other Logs. Check TCP Wrapper Responses. How the File System Can Be Damaged. Planting False Data. Altered Monitoring Programs. Stuck in the House of Mirrors. Getting Back in Control. Finding Cracker-Altered Files. Sealing the Crack. Finding set-UID Programs. Finding the mstream Trojan.
20. Finding the Attacker's System. Tracing a Numeric IP Address with nslookup. Tracing a Numeric IP Address with dig. Who's a Commie: Finding .com Owners. Finding Entities Directly from the IP Address. Finding a G-Man: Looking Up .gov Systems. Using ping. Using traceroute. Neighboring Systems' Results. A Recent International Tracking of a Cracker. Be Sure You Found the Attacker. Other SysAdmins: Do They Care?
21. Having the Cracker Crack Rocks. Police: Dragnet or Keystone Kops? Prosecution. Liability of ISPs Allowing Illegal Activity. Counteroffenses.
Appendix A. Internet Resources for the Latest Intrusions and Defenses. Mailing Lists: The Mandatory Ones. Mailing Lists: The Optional Ones. News Groups. URLs for Security Sites. URLs for Security Tools. URLs for Documentation. URLs for General Tools. URLs for Specifications and Definitions. Vendor Software and Updates. Other Software Updates.
Appendix B. Books, CD-ROMs, and Videos. Linux System Security. Building Linux and OpenBSD Firewalls. Samba: Integrating UNIX and Windows. Linux Sendmail Administration. Secrets and Lies: Digital Security in a Networked World. The Cuckoo's Egg. Hackers. UNIX Complete. The Computer Contradictionary. U.S. Department of Defense DISA Resource. Internetworking with TCP/IP Vols. I, II, and III. Linux Application Development. Consultants: The Good, the Bad, and the Slick.
Appendix C. Network Services and Ports.
Appendix D. Danger Levels.
Appendix E.
Appendix F. Abbreviations.
Index.

01 Jan 2000
TL;DR: A MUlti-Level Tree for Online Packet Statistics (MULTOPS) is proposed: an attack-resistant data structure enabling routers to detect ongoing bandwidth attacks by searching for significant asymmetries between packet rates to and from different subnets.
Abstract: A denial-of-service (DoS) attack is an attempt by a single person or a group of people to disrupt an online service. In a bandwidth attack, attackers clog links or routers by generating a traffic overload. This can have serious consequences to companies that rely on their online availability to do business. The ubiquity of tools to organize DoS attacks and the determination of some people to wreak havoc make for potential future problems. This thesis proposes a MUlti-Level Tree for Online Packet Statistics (MULTOPS): an attack-resistant data structure enabling routers to detect ongoing bandwidth attacks by searching for significant asymmetries between packet rates to and from different subnets. Statistics are kept in a tree that dynamically adapts its shape to (1) reflect changes in packet rates, and (2) avoid (maliciously intended) memory exhaustion. A MULTOPS is suitable to detect the type of bandwidth attack that occurred on a large scale in February 2000. To remain undetected, the attacker has to launch the attack from a large number of distinct sites which makes mounting the attack more difficult. This will hopefully discourage many attackers.
Thesis Supervisor: M. Frans Kaashoek, Associate Professor of Electrical Engineering and Computer Science, Massachusetts Institute of Technology
Thesis Supervisor: Massimiliano Poletto, Research Staff, Massachusetts Institute of Technology
Thesis Supervisor: Andrew S. Tanenbaum, Professor of Computer Science, Vrije Universiteit
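As an added example, not the thesis's own code, here is a simplified MULTOPS in Python: one node per expanded prefix, per-octet counts of packets sent to and from addresses under that prefix, expansion of an entry into a child node once it passes a threshold, a node cap so the tree itself cannot be turned into a memory-exhaustion target, and a decay step that shrinks it again as traffic subsides. Counts per observation window stand in for the thesis's packet rates, only the victim-side asymmetry (packets to a prefix far exceeding packets from it) is reported, and all addresses in the sample traffic are constructed.

```python
# Added example, not code from the thesis: a simplified MULTOPS. Each node keeps,
# per 8-bit octet value, how many packets were sent *to* and *from* addresses
# under that prefix. An entry that grows past `expand_threshold` sprouts a child
# node for the next octet, so heavy prefixes are tracked at finer granularity;
# `max_nodes` caps memory so an attacker cannot blow up the tree by spraying
# traffic, and decay() shrinks it again as counts fall.
# Assumptions for this example: packet counts per observation window instead of
# rates, and only the victim-oriented ratio (to >> from) is reported.


class _Node:
    __slots__ = ("to", "frm", "children")

    def __init__(self):
        self.to = [0] * 256
        self.frm = [0] * 256
        self.children = [None] * 256


class Multops:
    def __init__(self, expand_threshold=100, ratio=3.0, max_nodes=1024):
        self.expand_threshold = expand_threshold
        self.ratio = ratio
        self.max_nodes = max_nodes
        self.root = _Node()
        self.nodes = 1

    @staticmethod
    def _octets(ip: str):
        return [int(o) for o in ip.split(".")]

    def update(self, src: str, dst: str) -> None:
        """Record one packet src -> dst."""
        self._walk(self._octets(dst), "to")
        self._walk(self._octets(src), "frm")

    def _walk(self, octets, field):
        node = self.root
        for level, o in enumerate(octets):
            counts = node.to if field == "to" else node.frm
            counts[o] += 1
            child = node.children[o]
            if child is None:
                # Expand only below /32, only past the threshold, only within the cap.
                if level < 3 and counts[o] >= self.expand_threshold and self.nodes < self.max_nodes:
                    child = node.children[o] = _Node()
                    self.nodes += 1
                else:
                    return
            node = child

    def suspects(self, min_packets: int):
        """Most specific prefixes whose inbound count exceeds ratio * outbound."""
        found = []
        self._scan(self.root, [], min_packets, found)
        return found

    def _scan(self, node, prefix, min_packets, found):
        for o in range(256):
            before = len(found)
            child = node.children[o]
            if child is not None:
                self._scan(child, prefix + [o], min_packets, found)
            if len(found) == before:  # nothing more specific: judge this entry
                to, frm = node.to[o], node.frm[o]
                if to >= min_packets and to > self.ratio * max(frm, 1):
                    octs = prefix + [o]
                    label = ".".join(map(str, octs + [0] * (4 - len(octs))))
                    found.append(f"{label}/{8 * len(octs)}")

    def decay(self) -> None:
        """Halve all counts; prune subtrees whose parent entry fell below threshold."""
        self._decay(self.root)

    def _decay(self, node):
        for o in range(256):
            node.to[o] //= 2
            node.frm[o] //= 2
            child = node.children[o]
            if child is None:
                continue
            if node.to[o] + node.frm[o] < self.expand_threshold:
                self.nodes -= self._size(child)   # tree contracts as traffic fades
                node.children[o] = None
            else:
                self._decay(child)

    def _size(self, node):
        return 1 + sum(self._size(c) for c in node.children if c is not None)


if __name__ == "__main__":
    m = Multops()
    for _ in range(300):                      # constructed symmetric traffic
        m.update("198.51.100.7", "10.0.0.1")
        m.update("10.0.0.1", "198.51.100.7")
    for i in range(500):                      # constructed flood from spoofed sources
        m.update(f"203.0.113.{i % 256}", "192.0.2.10")
    print("suspects:", m.suspects(min_packets=50), "nodes:", m.nodes)
```

Two properties of the thesis's design survive the simplification: the victim is located at /32 granularity without keeping per-address state for every address seen, and because every expansion is gated by the threshold and the node cap, an attacker who wants to stay under the ratio at each level has to spread the attack across many source and destination prefixes.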

Proceedings ArticleDOI
11 Dec 2000
TL;DR: The nozzle is deployed similar to a firewall such that all conversations from an untrusted user to a critical resource are monitored and can provide a threshold for trusted traffic thus precluding new attacks.
Abstract: A denial of service attack is a dominating conversation with a network resource designed to preclude other conversations with that resource. This type of attack can cost millions of dollars when the target is a critical resource such as a Web server or domain name server. Traditional methods, such as firewalls and intrusion detection systems have failed to provide adequate protection from this type of attack. This paper presents a new protection method called a nozzle. The nozzle is based upon favorable aspects of firewalls and network pumps. It is deployed similar to a firewall such that all conversations from an untrusted user to a critical resource are monitored. The main advantage of the nozzle is the ability to provide a threshold for trusted traffic thus precluding new attacks. A nozzle consists of a series of rings, each of which has a trusted and untrusted buffer, rules for packet placement, and rules for communication with the next level. Rings are placed in the protocol stack so they can protect particular protocols.
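The class-based queuing result in the first entry on this page, the validated-flow priority with a capped low-priority share in the 21 Jun 2000 patent, and the nozzle's separate trusted and untrusted buffers all come down to one scheduling decision: the untrusted class must not be allowed to consume the whole link. The following is an added simulation, not code from any of those sources, showing the effect on legitimate goodput: a single FIFO queue beside a two-class scheduler in which unvalidated traffic is hard-capped at a share of link capacity and validated traffic gets the rest. The tick model, buffer sizes and workload are constructed for the example.

```python
import random
from collections import deque

# Added example (not code from any of the papers or patents on this page):
# a packet-level simulation of a link under a flood, comparing a single FIFO
# queue with a two-class scheduler in which validated ("trusted") traffic has a
# guaranteed share and unvalidated traffic is hard-capped at `untrusted_share`
# of link capacity. The workload is constructed: "T" packets are legitimate,
# "U" packets belong to the flood. Assumptions: one tick = one scheduling
# round, fixed-size packets, tail-drop buffers.


def make_workload(ticks: int, trusted_per_tick: int, attack_per_tick: int, seed: int = 1):
    """Per-tick arrival lists with the two classes interleaved at random."""
    rng = random.Random(seed)
    workload = []
    for _ in range(ticks):
        tick = ["T"] * trusted_per_tick + ["U"] * attack_per_tick
        rng.shuffle(tick)
        workload.append(tick)
    return workload


def run_fifo(workload, capacity: int, buffer: int) -> dict:
    """Single shared queue: whoever arrives first owns the buffer."""
    queue = deque()
    arrived = {"T": 0, "U": 0}
    served = {"T": 0, "U": 0}
    for tick in workload:
        for pkt in tick:
            arrived[pkt] += 1
            if len(queue) < buffer:
                queue.append(pkt)      # tail drop once the buffer is full
        for _ in range(min(capacity, len(queue))):
            served[queue.popleft()] += 1
    return {"trusted_goodput": served["T"] / arrived["T"], "untrusted_served": served["U"]}


def run_capped(workload, capacity: int, buffer: int, untrusted_share: float) -> dict:
    """Two classes: unvalidated traffic may use at most untrusted_share of capacity;
    validated traffic gets everything else (class-based queuing with a hard cap)."""
    trusted, untrusted = deque(), deque()
    arrived = {"T": 0, "U": 0}
    served = {"T": 0, "U": 0}
    untrusted_cap = int(capacity * untrusted_share)
    for tick in workload:
        for pkt in tick:
            arrived[pkt] += 1
            queue = trusted if pkt == "T" else untrusted
            if len(queue) < buffer:
                queue.append(pkt)      # each class overflows only its own buffer
        sent_u = min(untrusted_cap, len(untrusted))
        for _ in range(sent_u):
            served[untrusted.popleft()] += 1
        for _ in range(min(capacity - sent_u, len(trusted))):
            served[trusted.popleft()] += 1
    return {"trusted_goodput": served["T"] / arrived["T"], "untrusted_served": served["U"]}


if __name__ == "__main__":
    wl = make_workload(ticks=100, trusted_per_tick=3, attack_per_tick=50)
    print("FIFO   :", run_fifo(wl, capacity=10, buffer=100))
    print("capped :", run_capped(wl, capacity=10, buffer=100, untrusted_share=0.5))
```

With a 10-packet link, 3 legitimate and 50 flood packets per tick, FIFO delivers only the fraction of legitimate packets that happen to win the buffer (about one in five), while the capped scheduler delivers all of them and still leaves the untrusted class exactly half the link. The classification step is the hard part in practice; the scheduler only helps if "validated" really means something the attacker cannot cheaply obtain.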

Patent
Brian D. Swander1
28 Apr 2000
TL;DR: In this paper, the degradation of performance of the server is dynamically detected by monitoring the running intervals of a reaper that removes unneeded states, and relevant performance variables such as negotiation delay, extra retransmission delay, and packet drop percentage are dynamically adjusted to reduce the workload on the negotiation server.
Abstract: A method and system protects a security parameter negotiation server, which stores states for connection requests with pending negotiations, from malicious denial-of-service attacks that attempt to flood the server with false requests. The degradation of performance of the server is dynamically detected, such as by monitoring the running intervals of a reaper that removes unneeded states. When performance degradation of the system is detected, relevant performance variables such as negotiation delay, extra retransmission delay, and packet drop percentage are dynamically adjusted to reduce the workload on the negotiation server. Limiting the number of states with incomplete negotiation status for each client, and the total number of such states, further enhances the effectiveness of the protection against denial-of-service attacks.

Proceedings ArticleDOI
11 Dec 2000
TL;DR: A new class of tools for protecting computer systems from security attacks is described; some of the most popular DoS attacks are effectively blocked with limited impact on the sender's performance, and such tools represent an effective way to address security problems that are still unsolved or for which only partial solutions are available.
Abstract: We describe a new class of tools for protecting computer systems from security attacks. Their distinguishing feature is the principle they are based on. Host or network protection is not achieved by strengthening their defenses but by weakening the enemy's offensive capabilities. A prototype tool has been implemented that demonstrates that such an approach is feasible and effective. We show that some of the most popular DoS attacks are effectively blocked with limited impact on the sender's performance. Measurements of the implemented prototype show that controlling the outgoing traffic does not affect performance at the sender machine when traffic is not hostile. If traffic is hostile, the limited slowdown experienced at the source is the price to pay to make the Internet a safer place for all its users. The limited performance impact and the efficacy in attack prevention make tools like the one presented a new component of security architectures. Furthermore, such tools represent an effective way to address security problems that are still unsolved or for which only partial solutions are available, such as the liability problem, intranet security, security tool performance, and the use of distributed tools for intrusion.

Patent
22 Nov 2000
TL;DR: In this paper, the authors propose a realistic protection means for coping with DDoS attacks, which impair the quality of the service offered by performing a large quantity of accesses to a specific host server.
Abstract: PROBLEM TO BE SOLVED: To provide a realistic protection means for coping with DDoS attacks, which impair the quality of the service offered by performing a large quantity of accesses to a specific host server. SOLUTION: When footstool hosts 300 to 400 execute a DDoS attack as a large quantity of accesses to an attacked host 1 on the instruction of an attack-performing host 10, attack-detecting equipment 2 detects the attack by monitoring the state of a network 5 on the protecting side, and communication control equipment 3 instructs attack-shielding devices 100 to 200 to perform communication control, on the instruction of a manager of the network 5 on the protecting side, when the DDoS attack is detected by the attack-detecting equipment 2. The footstool hosts 300 to 400 control communication upon receiving the communication control instruction. In addition, certificate-issuing equipment 4 transmits information that assures the contents of the communication control instruction to the attack-shielding devices 100 to 200.

Proceedings ArticleDOI
08 Nov 2000
TL;DR: This paper describes how to solve some of the problems of IP multicast, which has many open issues such as billing, authentication, and security protection against malicious users.
Abstract: IP multicast has proven to be very good for many-to-many multimedia communications like audio and video conferencing. However, there are only a few Internet service providers offering it as a true Internet service to their customers. The reason is that, nowadays, IP multicast has many open issues such as billing, authentication, security protection against malicious users, and so on. In fact, DoS attacks can easily be caused in IP multicast-enabled networks. We describe how to solve some of these problems.