|
|
 
In two papers presented at the IEEE Symposium on Security and Privacy here,
the graduate students suggested simple modifications to network software that
could defeat denial-of-service attacks and that could be implemented in the
current protocol used by the Internet. The symposium, sponsored by the Institute of Electrical and
Electronics Engineers, began Sunday and lasts through Wednesday.
By Robert Lemos
May 13, 2003
Steven Bellovin, a research fellow in network security at AT&T Labs, said both proposals are credible attempts at solving for network administrators the sticky problems of denial-of-service attacks.
Denial-of-service attacks essentially come in three varieties: those that tie up the intended victim's Web server by, for example, sending in a flood of valid data; those that consume so much memory that the server essentially freezes; and those that exploit a software flaw and cause the server to freeze or crash. The two proposals address the first two types of denial-of-service attacks.
The first proposal came from Abraham Yaar, a graduate student in computer engineering at Pittsburgh's Carnegie Mellon. He suggests a method to solve attacks that are based on a flood of data from forged Internet addresses.
The proposal takes advantage of largely unused bits in the headers of network traffic--the digitized address information attached to each electronic message--to fingerprint data based on the route the information took through a network. A victim suffering from an onslaught of data could use the fingerprint, or path-identifier number, to decide whether the traffic from certain regions of the Internet should be blocked by its Internet service provider.
"Even when the total attack traffic is 170 times the legitimate traffic, 60 percent of a server's capacity is still allocated to legitimate users," Yaar said after his presentation
Preventable deluges?
Deluging a site with valid data from thousands of computers is a type of denial-of-service attack that has been considered largely unpreventable. Less than two weeks ago, such an attack made Unix software maker SCO Group's Web site largely inaccessible for several hours. A similar attack earlier this year cut off Arab news site Al-Jazeera from the Internet for several days.
Such attacks are quite common but frequently go unreported. A 2-year-old study of Internet traffic found that every week about 4,000 attacks lasting more than 10 minutes each are launched.
Source: http://zdnet.com.com/2100-1105_2-1001200.html
| |
|
Article continues...
ZDNet |
 | |
|
|
|
 |
|
No Comments Allowed for Anonymous, please register |
|
| |
|
Login |
|
 |
|
|
|
|
· New User? · Click here to create a registered account.
|
|
|
Article Rating |
|
|
|
|
|
|
Average Score: 0
Votes: 0
|
|
|
