Denial of Service (DoS) attacks and Distributed Denial of Service (DDoS) attacks have been around for many years, but only in the past few years have the frequency and magnitude of these attacks increased. They are a significant problem because they can cut an organization off from the Internet for extended periods of time, and little can be done to stop them. DoS attacks occur when computer resources become unavailable to legitimate users after being exhausted by false requests for information (Houle and Weaver 1).
This research paper is a comprehensive look at DoS attacks, including information about their history and development, how to detect them, and what measures should be taken to prevent large amounts of damage.
The first documented DoS activity dates back to 1999. The methods and vulnerabilities are constantly changing, but the result is always the same. The following are some of the more important events:
July - Widespread deployment of DDoS attacks based on a tool known as "trinoo" via various RPC-related vulnerabilities. Many of the initial deployments were done manually, with intruders carefully testing and selecting hosts.
August - New DDoS tool known as Stacheldraht found in isolated incidents. The program added encrypted communications between the attacker and the handler systems.
December - Program known as Tribe Flood Network 2000 (TFN2K) was released and included features designed to make attack traffic more difficult to detect and trace.
February - The now infamous DDoS attacks against websites such as Yahoo, eBay, CNN, and eTrade took place, leaving the sites offline for hours.
April - Packet amplification attacks using nameservers became popular.
August - The Trinity DDoS tool was deployed on compromised UNIX systems and adopted IRC as its command infrastructure.
April - DDoS tool "carko" found in the wild.
July - Code Red worm released. It was the first worm-based attack tool that included TCP SYN DoS attack capabilities. Code Red also caused isolated DoS conditions due to concentrated scanning and propagation.
April - Numerous vulnerabilities were discovered in Microsoft's IIS service which allowed DoS attacks via malformed FTP connection requests, as well as via URLs that exceeded the maximum permitted length.
September - The Apache/mod_ssl worm can act as an attack platform for DDoS attacks against other sites by building a network of infected hosts.
January - SQL Slammer worm released. It caused a large drop in speed across the Internet.
August - The Blaster worm created DoS conditions throughout the Internet. The worm spread via TCP port 135 and included the ability to launch a TCP SYN flood denial-of-service attack against Microsoft's site, windowsupdate.com.
The primary purposes of DoS and DDoS attacks are shutting down processes and services, or exhausting system resources. There is an explicit attempt made to prevent legitimate users from...