Denial of Service - IT Library : ZDNet Asia

White Papers

Case Studies

Vendor Webcast

Show all content

Title Date Added Company

Exception Triggered DoS Attacks on Wireless Networks 2009-01-01 Northwestern University

Security protocols are not as secure as one assumed. This paper identified a practical way to launch DoS attacks on security protocols by triggering exceptions. Through experiments, the author shows that even the latest strongly authenticated protocols such as PEAP, EAP-TLS and EAP-TTLS are vulnerable to these attacks. Real attacks have been implemented and tested against TLS-based EAP protocols, the major family of security protocols for Wireless LAN, as well as the Return Routability of Mobile IPv6, an emerging lightweight security protocol in new IPv6 infrastructure. DoS attacks on PEAP, one popular TLS-based EAP protocol were performed and tested on a major university's wireless network, and the attacks were highly successful.

Tags: Intrusion - Tampering, Mobile and Wireless

CCTV.com Streams Beijing 2008 Content to 25 Million Online Users With F5 Solutions 2008-12-06 F5 Networks

CCTV.com is the Internet arm of China Central Television (CCTV), the largest broadcaster in mainland China. The challenge was to maintain infrastructure reliability during high traffic period of the Beijing 2008 Games, to ensure fast and secure user access to web content, to protect against DDoS attacks and to optimize server utilization. It deployed F5 BIG-IP Local Traffic Manager and F5 BIG-IP Global Traffic Manager.

Tags: Security Administration, Intrusion - Tampering

Efficient and Low-Cost Hardware Defense Against DNS Amplification Attacks 2008-12-01 Institute of Electrical and Electronics Engineers

DNS amplification attacks utilize IP address spoofing and large numbers of open recursive DNS servers to perform the bandwidth consumption attack. During an attack, it ceaselessly fabricates DNS queries to the exploited open recursive DNS servers, and all the responses, often with larger size than the query messages, are reflected to the single victim due to the source IP address spoofing. While it is difficult to defend against this attack from the root causes by eliminating the open recursive DNS servers and IP spoofing for the whole Internet, this paper takes a different methodology to defend against it at the leaf router of victim's ISP or organization. The paper proposes an efficient and low-cost hardware approach to first detect the DNS amplification attack accurately and responsively.

Tags: Intrusion - Tampering,

Detection of Denial of Service Attacks in Wireless Mesh Networks 2008-11-28 Carleton University

Mesh networks are a new technology that provide nodes with the ability of self forming and self healing as well as provide multi hop wireless links with infrastructure support. Previous research has mainly been on intrusion detection techniques in multi hop networks since due to their ad hoc nature and no central control; it is harder to detect intrusion. This paper proposes an intrusion detection mechanism based on reasoning agents that takes advantage of the infrastructure support in mesh network.

Tags: Mobile and Wireless

Accurately Measuring Denial of Service in Simulation and Testbed Experiments 2008-11-12 Institute of Electrical and Electronics Engineers

Researchers in the Denial of Service (DoS) field lack accurate, quantitative and versatile metrics to measure service denial in simulation and testbed experiments. Without such metrics, it is impossible to measure severity of various attacks, quantify success of proposed defenses and compare their performance. Existing DoS metrics equate service denial with slow communication, low throughput, high resource utilization and high loss rate. These metrics are not versatile because they fail to monitor all traffic parameters that signal service degradation. They are not quantitative because they fail to specify exact ranges of parameter values that correspond to good or poor service quality. Finally, they are not accurate since they were not proven to correspond to human perception of service denial.

Tags: Intrusion - Tampering

DDoS Protection Service: Distributed Denial of Service (DDoS) 2008-10-28 Swisscom

Since the early days of the Internet, "Denial-of-service" (DoS) attacks have been a fact of life. The goal of these attacks is to restrict on a grand scale the availability of certain online systems and/or services or to deny service completely. Usually, in this type of attack, an attempt is made to cause the attacked systems to crash by exploiting vulnerabilities in operating systems, programs and services or basic design flaws in the network protocols in use via the Internet. The online systems can also be overloaded to the extent that they no longer function properly.

Using Adaptive Bandwidth Allocation Approach to Defend DDoS Attacks 2008-10-01 National Tsing Hua University

Denial of service attacks occur when the attacks are from a single host, whereas distributed denial of service attacks occur when multiple affected systems flood the bandwidth or resources of a targeted system. Although it is not possible to exempt entirely from denial of service or distributed denial of service attacks, they can limit the malicious user by controlling the traffic flow. The paper proposes to monitor the traffic pattern in order to alleviate distributed denial of service attacks. A bandwidth allocation policy will be adopted to assign normal users to a high priority queue and suspected attackers to a low priority queue. Simulations conducted in network simulator of their proposed priority queue-based scheme shows its effectiveness in blocking attacking traffic while maintaining constant flows for legitimate traffic.

Tags: Intrusion - Tampering, Intrusion - Tampering

Denial of Service and Distributed Denial of Service Attack: Detection and Countermeasures 2008-09-25 Indian Institute of Technology Madras

Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks are specific attacks that attempt to prevent legitimate users from accessing networks, servers, services or other resources. Windows end-users and Internet routing technology have both become more frequent targets of intruder activity. The impacts of DoS attacks are causing greater collateral damage, and widespread automated propagation itself has become a vehicle for causing denial of service. While DoS attack technology continues to evolve, the circumstances enabling attacks have not significantly changed in recent years. This paper presents various techniques for detection and preventing against various DoS and DDoS attacks. Important features of each attack and defense system countermeasure strategy of each proposed scheme are outlined.

Tags: Security Administration, Intrusion - Tampering

Protecting SIP Proxy Servers From Ringing-Based Denial-of-Service Attacks 2008-09-17 University of Illinois

As Internet telephony systems continue to replace existing Public Switched Telephone Network systems, proxy servers running the Session Initiation Protocol (SIP) will continue to grow in importance for Voiceover-IP deployments that use SIP for call signaling. Since the protection of the global telecommunications infrastructure is critical to people's everyday lives, ensuring the availability of SIP proxy servers under attack should be a high priority. This paper first describes a disruptive denial-of-service attack that exploits the semantics of the SIP protocol to exhaust resources at a stateful SIP proxy server. Unlike previous approaches that focus on flooding-based denial-of-service attacks, the paper considers attacks that do not result in high incoming call traffic rates at the SIP proxy server.

Tags: Internet and Web, Intrusion - Tampering

Identification of Feature Denial of Services 2008-09-15 Technical University of Lisbon

Internet applications, such as Email, VoIP and WWW, have been enhanced with many features. However, the introduction and modification of features may result in undesired behaviors, and this effect is known as feature interaction-FI. FI resolution may be implemented by a Feature Manager, which is directed by a set of interdiction formulas. On the other hand, the approach by interdiction may eliminate all features candidate for execution, and this result on a feature denial of service. This paper analyzes how feature denial of service can be detected, with a design stage algorithm. The detection algorithm has a time complexity of the quadratic of interdiction formulas.

Tags: Software Development Tools, Intrusion - Tampering

Jump to 1 2 3 4 [5] 6 7 8 9 10

Title	Date Added	Company
Exception Triggered DoS Attacks on Wireless Networks	2009-01-01	Northwestern University
Security protocols are not as secure as one assumed. This paper identified a practical way to launch DoS attacks on security protocols by triggering exceptions. Through experiments, the author shows that even the latest strongly authenticated protocols such as PEAP, EAP-TLS and EAP-TTLS are vulnerable to these attacks. Real attacks have been implemented and tested against TLS-based EAP protocols, the major family of security protocols for Wireless LAN, as well as the Return Routability of Mobile IPv6, an emerging lightweight security protocol in new IPv6 infrastructure. DoS attacks on PEAP, one popular TLS-based EAP protocol were performed and tested on a major university's wireless network, and the attacks were highly successful. Tags: Intrusion - Tampering, Mobile and Wireless
CCTV.com Streams Beijing 2008 Content to 25 Million Online Users With F5 Solutions	2008-12-06	F5 Networks
CCTV.com is the Internet arm of China Central Television (CCTV), the largest broadcaster in mainland China. The challenge was to maintain infrastructure reliability during high traffic period of the Beijing 2008 Games, to ensure fast and secure user access to web content, to protect against DDoS attacks and to optimize server utilization. It deployed F5 BIG-IP Local Traffic Manager and F5 BIG-IP Global Traffic Manager. Tags: Security Administration, Intrusion - Tampering
Efficient and Low-Cost Hardware Defense Against DNS Amplification Attacks	2008-12-01	Institute of Electrical and Electronics Engineers
DNS amplification attacks utilize IP address spoofing and large numbers of open recursive DNS servers to perform the bandwidth consumption attack. During an attack, it ceaselessly fabricates DNS queries to the exploited open recursive DNS servers, and all the responses, often with larger size than the query messages, are reflected to the single victim due to the source IP address spoofing. While it is difficult to defend against this attack from the root causes by eliminating the open recursive DNS servers and IP spoofing for the whole Internet, this paper takes a different methodology to defend against it at the leaf router of victim's ISP or organization. The paper proposes an efficient and low-cost hardware approach to first detect the DNS amplification attack accurately and responsively. Tags: Intrusion - Tampering,
Detection of Denial of Service Attacks in Wireless Mesh Networks	2008-11-28	Carleton University
Mesh networks are a new technology that provide nodes with the ability of self forming and self healing as well as provide multi hop wireless links with infrastructure support. Previous research has mainly been on intrusion detection techniques in multi hop networks since due to their ad hoc nature and no central control; it is harder to detect intrusion. This paper proposes an intrusion detection mechanism based on reasoning agents that takes advantage of the infrastructure support in mesh network. Tags: Mobile and Wireless
Accurately Measuring Denial of Service in Simulation and Testbed Experiments	2008-11-12	Institute of Electrical and Electronics Engineers
Researchers in the Denial of Service (DoS) field lack accurate, quantitative and versatile metrics to measure service denial in simulation and testbed experiments. Without such metrics, it is impossible to measure severity of various attacks, quantify success of proposed defenses and compare their performance. Existing DoS metrics equate service denial with slow communication, low throughput, high resource utilization and high loss rate. These metrics are not versatile because they fail to monitor all traffic parameters that signal service degradation. They are not quantitative because they fail to specify exact ranges of parameter values that correspond to good or poor service quality. Finally, they are not accurate since they were not proven to correspond to human perception of service denial. Tags: Intrusion - Tampering
DDoS Protection Service: Distributed Denial of Service (DDoS)	2008-10-28	Swisscom
Since the early days of the Internet, "Denial-of-service" (DoS) attacks have been a fact of life. The goal of these attacks is to restrict on a grand scale the availability of certain online systems and/or services or to deny service completely. Usually, in this type of attack, an attempt is made to cause the attacked systems to crash by exploiting vulnerabilities in operating systems, programs and services or basic design flaws in the network protocols in use via the Internet. The online systems can also be overloaded to the extent that they no longer function properly.
Using Adaptive Bandwidth Allocation Approach to Defend DDoS Attacks	2008-10-01	National Tsing Hua University
Denial of service attacks occur when the attacks are from a single host, whereas distributed denial of service attacks occur when multiple affected systems flood the bandwidth or resources of a targeted system. Although it is not possible to exempt entirely from denial of service or distributed denial of service attacks, they can limit the malicious user by controlling the traffic flow. The paper proposes to monitor the traffic pattern in order to alleviate distributed denial of service attacks. A bandwidth allocation policy will be adopted to assign normal users to a high priority queue and suspected attackers to a low priority queue. Simulations conducted in network simulator of their proposed priority queue-based scheme shows its effectiveness in blocking attacking traffic while maintaining constant flows for legitimate traffic. Tags: Intrusion - Tampering, Intrusion - Tampering
Denial of Service and Distributed Denial of Service Attack: Detection and Countermeasures	2008-09-25	Indian Institute of Technology Madras
Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks are specific attacks that attempt to prevent legitimate users from accessing networks, servers, services or other resources. Windows end-users and Internet routing technology have both become more frequent targets of intruder activity. The impacts of DoS attacks are causing greater collateral damage, and widespread automated propagation itself has become a vehicle for causing denial of service. While DoS attack technology continues to evolve, the circumstances enabling attacks have not significantly changed in recent years. This paper presents various techniques for detection and preventing against various DoS and DDoS attacks. Important features of each attack and defense system countermeasure strategy of each proposed scheme are outlined. Tags: Security Administration, Intrusion - Tampering
Protecting SIP Proxy Servers From Ringing-Based Denial-of-Service Attacks	2008-09-17	University of Illinois
As Internet telephony systems continue to replace existing Public Switched Telephone Network systems, proxy servers running the Session Initiation Protocol (SIP) will continue to grow in importance for Voiceover-IP deployments that use SIP for call signaling. Since the protection of the global telecommunications infrastructure is critical to people's everyday lives, ensuring the availability of SIP proxy servers under attack should be a high priority. This paper first describes a disruptive denial-of-service attack that exploits the semantics of the SIP protocol to exhaust resources at a stateful SIP proxy server. Unlike previous approaches that focus on flooding-based denial-of-service attacks, the paper considers attacks that do not result in high incoming call traffic rates at the SIP proxy server. Tags: Internet and Web, Intrusion - Tampering
Identification of Feature Denial of Services	2008-09-15	Technical University of Lisbon
Internet applications, such as Email, VoIP and WWW, have been enhanced with many features. However, the introduction and modification of features may result in undesired behaviors, and this effect is known as feature interaction-FI. FI resolution may be implemented by a Feature Manager, which is directed by a set of interdiction formulas. On the other hand, the approach by interdiction may eliminate all features candidate for execution, and this result on a feature denial of service. This paper analyzes how feature denial of service can be detected, with a design stage algorithm. The detection algorithm has a time complexity of the quadratic of interdiction formulas. Tags: Software Development Tools, Intrusion - Tampering

Cutting-edge technology from premium sponsors

Adaptive Threat Management
High Performance Security for your Distributed Enterprise

Achieve lower TCO, agility, risk mitigation, compliance, and productivity

Webcast series: Cybercrime is a growth industry - is your organisation prepared?
More resources to optimize the security of your enterprise »

Brought to you by:

More Tech Showcases:

Cisco Collaboration
Hitachi Eco-Products
Juniper Networks

IDC's Powering the Enterprise Cloud Event 2009

12 Nov - 17 Dec 2009

Grand Copthorne Waterfront Hotel, Singapore

4th Annual GovTech 2010

27 - 28 Jan 2010

Amara Hotel, Singapore

ZDNet Asia Top Tech 50 Index

AT&T

Asustek

Canon

Convergys

Ericsson

Hewlett-Packard

Infosys

LogicaCMG

NTT

Samsung

SingTel Group

Toshiba

Xerox

Accenture

Atos Origin

Capgemini

Dell

France Telecom

Hitachi

Intel

Microsoft

Nokia

Satyam Computer Services

Sony

Verizon Communications

ZTE

Alcatel-Lucent

British Telecom

China Mobile

Deutsche Telekom

Fujitsu

Huawei Technologies

LG Electronics

Motorola

Oracle

Seagate Technology

Sun Microsystems

Western Digital

Apple

CSC

Cisco Systems

EMC

Google

IBM

Lenovo Group

NEC

SAP

Siemens IT Solutions & Services

Tata Consultancy Services

Wipro

ZDNet Asia's Top Tech Index will be next updated in 2010.

Overwhelmed by consolidation? Take it in steps.
Learn the 5 steps to data center consolidation - download the whitepaper now.

An Action Plan for Creating a Collaborative Enterprise
Download the eBook by Cisco now!

Choose a career with Accenture in Singapore
A dynamic job opportunity where technology and business intersect

Choose a career with Accenture in Malaysia
A dynamic job opportunity where technology and business intersect

NetIQ DRA live demonstration:
Learn how to improve your efficiency when administering Active Directory

The Roots for a Greener World
Discover Hitachi's Environmental Vision 2025 and featured Eco-Products

The Desktop Virtualization Revolution is here!
Find our more with Citrix Simplicity is Power

Lack of visibility into network issues and performance?
Find out today. Download SolarWinds FREE 30-Day Trial Software here.

IT Salary Survey
Take our salary survey and be the first to view the 2010 IT Salary & Skills Report

More from CBS Interactive

CBS Interactive Inc Sites

About ZDNet Asia |

About CBS Interactive |

ZDNet Asia editorial calendar |

Advertise with us |

Jobs |

Partnership |

Contact Us |

CNET Direct |

CNET Asia |

CNET Asia mobile |

Sitemap

ZDNet.com |

ZDNet Japan |

ZDNet.de |

CNET UK |

CNET.de |

Tech Republic |

BNET |

MP3.com |

activeTechPros |

ZDNet UK |

ZDNet Korea |

ZDNet France |

CNET Australia |

CNET France |

Download.com |

Builder |

GameSpot

ZDNet Australia |

ZDNet Taiwan |

CNET |

CNET Taiwan |

News.com |

Silicon.com |

TV.com |

GameSpot Korea

News | Insight | Reviews | TechGuides | Jobs | Blogs | Videos | Community | Downloads | IT Library |

Get RSS feeds

Security

Featured Whitepapers

Member Login

Adaptive Threat Management

ZDNet Asia Top Tech 50 Index