Title   Date Added   Company
whitepaper Major Online Stock Broker Turns to Verizon Business to Help Stop a Potentially Devastating DDoS Attack 2008-04-01
  Distributed Denial-of-Service (DDoS) attacks are often the weapon of choice for would-be criminals who target Internet sites. And, as a major online stock broker found out, the threat of a DDoS attack can be the perfect tool for extortion. For some time, a major online stock broker had been experiencing small DDoS attacks on a somewhat regular basis, but the disruptions to that point had been minimal. In an ominous development, the attacks suddenly became far more sophisticated in design and scale. Soon a notice arrived, demanding that a substantial monetary payment be made in order to stop the crippling attacks. Verizon Business immediately implemented its DoS Defense product to address the online broker's problems.

Tags: Security Administration, Intrusion - Tampering
  
whitepaper Two Layer Denial of Service Prevention on SIP VoIP Infrastructures 2008-03-28 Reed Elsevier
  The emergence of Voice over IP (VoIP) has offered numerous advantages for end users and providers alike, but simultaneously has introduced security threats, vulnerabilities and attacks not previously encountered in networks with a closed architecture like the Public Switched Telephone Network (PSTN). This paper proposes a two-layer architecture to prevent Denial of Service attacks on VoIP systems based on the Session Initiation Protocol (SIP). The architecture is designed to handle different types of attacks, including request flooding, malformed message sending, and attacks on the underlying DNS system. The effectiveness of the prevention mechanisms has been tested both in the laboratory and on a real live VoIP provider network.

Tags: Security Administration, Intrusion - Tampering
  
whitepaper Distributed Divide-and-Conquer Techniques for Effective DDoS Attack Defenses 2008-03-23 Google
  Distributed Denial-of-Service (DDoS) attacks have emerged as a popular means of causing mass targeted service disruptions, often for extended periods of time. The relative ease and low costs of launching such attacks, supplemented by the current woeful state of any viable defense mechanism, have made them one of the top threats to the Internet community today. While distributed packet logging and/or packet marking have been explored in the past for DDoS attack traceback/mitigation, the paper proposes to advance the state of the art by using a novel distributed divide-and-conquer approach in designing a new data dissemination architecture that efficiently tracks attack sources.

Tags: Security Administration, Intrusion - Tampering
  
whitepaper A Principle of a Data Synthesizer for Performance Test of Anti-DDOS Flood Attacks 2008-03-17 Rensselaer Polytechnic Institute
  Distributed Denial-Of-Service (DDOS) flood attacks remain a big issue in network security. Real events of DDOS flood attacks show that an attacked site (e.g., a server) is usually not overwhelmed at the moment attack packets arrive at that site, but some time later. A site therefore has a measurable capacity to resist DDOS flood attacks. To test that capacity, a data synthesizer is desired. This paper introduces a principle to synthesize packet series according to a given value of the Hurst parameter for performance testing of anti-DDOS flood attack defenses.

whitepaper Secure Health Monitoring Network Against Denial-of-Service Attacks Using Cognitive Intelligence 2008-02-15 Syracuse University
  Secure and energy efficient transmission is a main concern in many wireless sensor network applications. In this paper, two types of denial-of-service attacks that affect the routing layer are analyzed and an energy efficient countermeasure is proposed. The performance of the application solely depends on accuracy and reliability of information updated in a timely fashion. The adaptive nature of the network demands a cognitive algorithm, used in detecting and re-routing the information upon link failure due to physical, resource depletion or intrusion by an adversary. The proposed method does not require any additional hardware, hence the survivability of the sensors is maintained, making the application robust, cost effective and energy efficient.

Tags: Intrusion - Tampering
  
whitepaper Combating Spam and Denial-of-Service Attacks With Trusted Puzzle Solvers 2008-02-13 Dartmouth College
  Cryptographic puzzles can be used to mitigate spam and Denial-of-Service (DoS) attacks, as well as to implement timed-release cryptography. However, existing crypto puzzles are impractical because: solving them wastes computing resources and/or human time, the time it takes to solve them can vary dramatically across computing platforms, and/or applications become non-interoperable due to competition for resources when solving them. This paper proposes the use of Trusted Computing in constructing crypto puzzles. The puzzle constructions have none of the drawbacks above and only require each client machine to be equipped with a small tamper-resistant Trusted Puzzle Solver (TPS), which may be realized using the prevalent Trusted Platform Module (TPM) with minimal modifications.

Tags: Intrusion - Tampering
  
whitepaper Marshal Case Study: Cawthron 2008-01-10
  Cawthron is New Zealand's largest private, independent research organization. Cawthron staff increases led to the company's bandwidth consumption swelling to 50GB a month. Increased staff use of email and the Internet meant the organization was more exposed to email and web-borne threats, such as spam, phishing, spyware, viruses and DoS (Denial of Service) attacks. The threats themselves had also evolved and posed far greater security risks to the organization. Cawthron selected MailMarshal SMTP and WebMarshal because of their highly granular content filtering capabilities, advanced control features such as spam categorization, antivirus and anti-spyware scanning technology and automatically updated URL filter lists.

Tags: Intrusion - Tampering, Internet and Web
  
whitepaper Flow-Cookies: Using Bandwidth Amplification to Defend Against DDoS Flooding Attacks 2008-01-01 Stanford University
  Distributed Denial-of-Service flooding attacks against public web servers are increasingly common. Websites without the ability to over-provision or rely on a CDN are often overwhelmed by such attacks. Existing proposals to combat flooding within the network either require substantial changes to the Internet infrastructure, or the difficult task of identifying attack aggregates near the core. This paper presents an easy-to-deploy mechanism whereby a third party with high access to bandwidth can protect a web server against bandwidth exhaustion from illegitimate traffic. With this mechanism, all traffic to and from a web site is routed via a middlebox managed by the third party.

Tags: Network Technologies, Intrusion - Tampering
  
whitepaper Programming Routers to Improve Network Security 2008-01-01 Universita degli Studi di Napoli Federico II
  Denial of Service (DoS) attacks represent, in today's Internet, one of the most complex issues to address. This paper presents a novel approach to deal with Distributed DoS (DDoS) attacks in the Internet. The paper proposes a model for an Active Security System, comprising a number of components that actively cooperate in order to effectively react to a wide range of attacks. Functional to this approach is a network signaling protocol, named Active Security Protocol, which allows a set of active routers to interact in order to isolate the sources of a DDoS attack even in the case of address spoofing. Deployment and tuning of the Active Security System are ideally suited to a Programmable Network environment.

Tags: Security Administration, Intrusion - Tampering
  
whitepaper Preventing Internet Denial-of-Service With Capabilities 2008-01-01 University of Washington
  This paper proposes a new approach to preventing and constraining Denial-of-Service (DoS) attacks. Instead of being able to send anything to anyone at any time, in this architecture, nodes must first obtain "permission to send" from the destination; a receiver provides tokens, or capabilities, to those senders whose traffic it agrees to accept. The senders then include these tokens in packets. This enables verification points distributed around the network to check that traffic has been certified as legitimate by both endpoints and the path in between, and to cleanly discard unauthorized traffic. The paper shows that the approach addresses many of the limitations of the currently popular approaches to DoS based on anomaly detection, traceback, and pushback.

Tags: Intrusion - Tampering