One type of attack on computer systems is known as a Denial of Service (DoS) attack. A
Denial of Service attack is designed to prevent legitimate users from using a system.
Traditional Denial of Service attacks are carried out by exploiting a buffer overflow,
exhausting system resources, or exploiting a system bug that leaves the system no
longer functional. In the summer of 1999, a new breed of attack was developed,
called the Distributed Denial of Service (DDoS) attack. Several educational and
high-capacity commercial sites have been affected by these Distributed Denial of Service
attacks. A Distributed Denial of Service attack uses multiple machines operating in
concert to attack a network or site. There is very little that can be done if you are the
target of a DDoS. The nature of these attacks causes so much extra network traffic that it
is difficult for legitimate traffic to reach your site while you block the forged attacking
packets. The intent of this paper is to help sites avoid being involved in a DDoS attack.
The first tools developed to perpetrate the DDoS attack were Trin00 and Tribe Flood
Network (TFN). They spawned the next generation of tools called Tribe Flood Network
2000 (TFN2K) and Stacheldraht (German for "barbed wire"). These Distributed Denial of
Service attack tools are designed to bring one or more sites down by flooding the victim
with large amounts of network traffic originating at multiple locations and remotely
controlled by a single client.
This paper discusses how these DDoS tools work, how to detect them, and specific
technical information on each individual tool. It is written with the system administrator
in mind. It assumes that the reader has basic knowledge of the TCP/IP Protocol.


