SEC 572 iLab Assignment 1 of 6: Network Attacks

Document Content and Description Below

SEC 572 iLab Assignment 1 of 6: Network Attacks ABSTRACT Denial of service (DoS) attacks has turn into a noteworthy danger to current PC systems. To have a superior seeing on DoS attacks, thi... s article gives an outline on existing DoS attacks and significant barrier advances in the Internet and remote systems. Specifically, we portray system based and host based DoS attack procedures to delineate attack standards. DoS attacks are grouped by significant attack attributes. Current counterattack advances are additionally assessed, A attacks to dispatch their rivals in the business sector. Blackmail by means of DoS attacks were on ascend in the previous years (Pappalardo et al. 2005). Assailants debilitated online organizations with DoS attacks and asked for installments for insurance. Known DoS in the Internet by and large vanquish the objective by depleting its assets, that can be anything identified with system figuring and administration execution; for example, join transmission capacity, TCP association cradles, application/administration cushion, CPU cycles, and so on. Singular aggressors can additionally misuse weakness, break into target servers, and afterward cut down administrations. Since it is troublesome for aggressors to over-burden the objective's asset from a solitary PC, numerous late DoS attacks were propelled by means of a substantial number of appropriated attacking has in the Internet. These attacks are called disseminated disavowal of administration (DDoS) attacks. In a DDoS attacks, in light of the fact that the collection of the attacking activity can be colossal contrasted with the casualty's asset, the attacks can constrain the casualty to essentially downsize its administration execution or even stop conveying any administration. Contrasted and ordinary DoS attacks that could be tended to by better securing administration frameworks or restricting unapproved remote or nearby get to, DDoS attacks are more unpredictable and harder to counteract. Since numerous unwitting hosts are included in DDoS attacks, it is trying to recognize the attacking has and take response against them. In late years, DDoS attacks have expanded in recurrence, complexity and seriousness because of the truth that PC vulnerabilities are expanding quickly (CERT 2006, Houle et al. 2001), which empower aggressors to break into and introduce different attacking devices in numerous. Remote systems likewise experience the ill effects of DoS attacks in light of the fact that portable hubs, (for example, tablets, cell telephones, and so forth.) have the same physical media for transmitting and getting signs; and portable processing assets, (for example, transfer speed, CPU and force) are typically more compelled than those accessible to wired hubs. In a remote system, a solitary aggressor can without much of a stretch produce, change on the other hand infuse bundles to upset associations between honest to goodness portable hubs and reason DoS impacts. In this article, we will give a diagram on existing DoS attacks and real guard advancements. The article is sorted out as takes after. In Section II, real DoS attacks systems in the Internet are diagramed. We likewise examine the reasons why a DoS attacks can succeed and why barrier is troublesome. In Section III, a scientific classification of DDoS attacks is examined by real attack qualities. In Section IV, late DDoS guard advancements are outlined as indicated by their organization areas. In Section V, DoS attacks and guards in remote systems are examined by system layers. OVERVIEW OF DOS ATTACKS IN THE INTERNET: In this section, we overview the common DDoS attack techniques and discuss why attacks Succeed fundamentally. Attack Techniques: Numerous attack procedures can be utilized for DoS reason the length of they can impair administration or Downsize administration execution by debilitating assets for giving administrations. Despite the fact that it is Difficult to specify all current attack strategies, we depict a few agent System based and host based attacks in this area to delineate attack principles. Peruses can Likewise discover reciprocal data on DoS attacks in Handley et al. 2006 and Mirkovic et al. 2005. Network Based Attacks: TCP SYN Flooding. DoS attacks regularly abuse tasteful system conventions (Jian 2000, Shannon et al. 2002), in light of the fact that these conventions expend assets to look after states. TCP SYN flooding is one of such attacks and had a wide effect on numerous frameworks. At the point when a customer endeavors to set up a TCP association with a server, the customer first sends a SYN message to the server. The server then recognizes by sending a SYN-ACK message to the customer. The customer finishes the foundation by reacting with an ACK message. The association between the customer and the server is then opened, and the administration particular information can be traded between them. The misuse emerges at the half-open state when the server is sitting tight for the customer's ACK message after sending the SYN-ACK message to the customer (CERT 1996). The server needs to designate memory for putting away the data of the half-open association. The memory won't be discharged until either the server gets the last ACK message or the half-open association terminates. Attacking hosts can without much of a stretch make half-open associations through caricaturing source IPs in SYN messages or disregarding SYN-ACKs. The result is that the last ACK message will never be sent to the casualty. Since the casualty typically just allots a constrained size of space in its procedure table, as well some half-open associations will soon fill the space. Despite the fact that the half-open associations will inevitably terminate because of the timeout, zombies can forcefully send caricature TCP SYN bundles asking for associations at a much higher rate than the lapse rate. At long last, the casualty will be not able to acknowledge any new approaching association and in this manner can't give administrations. ICMP Smurf Flooding. ICMP is frequently used to figure out whether a PC in the Internet is reacting. To accomplish this errand, an ICMP reverberation demand parcel is sent to a PC. On the off chance that the PC gets the solicitation bundle, it will give back an ICMP reverberate answer parcel. In a smurf attack, attacking hosts manufacture ICMP reverberation solicitations having the casualty's location as the source address and the show location of these remote systems as the destination address (CERT 1998). As delineated in Figure 1, if the firewall or switch of the remote system does not channel the uncommon made parcels, they will be conveyed (show) to all PCs on that system. These PCs will then send ICMP reverberate answer parcels back to the source (i.e., the casualty) conveyed in the solicitation bundles. The casualty's system is in this manner congested. UDP Flooding. By fixing or upgrading the execution of TCP and ICMP conventions, current systems and frameworks have joined new security elements to forestall TCP and ICMP attacks. By the by, aggressors might just send a lot of UDP parcels towards a casualty. Since a moderate system can convey higher activity volume than the casualty system can deal with, the flooding movement can debilitate the casualty's association assets. Immaculate flooding can be finished with any kind of bundles. Assailants can likewise decide to surge administration asks for so that the casualty can't deal with all solicitations with its obliged assets (i.e., administration memory or CPU cycles). Note that UDP flooding is like glimmer group that happen when a substantial number of clients attempt to get to the same server at the same time. Be that as it may, the expectation and the activating components for DDoS attacks and glimmer group are diverse. Discontinuous Flooding. Assailants can further tune their flooding activities to lessen the normal Flooding rate to a low level while accomplishing identical attack affects on true blue TCP Associations. In vixen attacks (Kuzmanovic et al. 2003), attacking hosts can surge parcels in a Burst to block and upset existing TCP associations. Since all upset TCP associations will Hold up a particular period (called retransmission-time-out (RTO)) to retransmit lost bundles, Attacking hosts can surge bundles at the following RTO to disturb retransmission. In this way, attacking hosts can synchronize their flooding at the accompanying RTOs and handicap honest to goodness TCP associations as portrayed in Figure 2. Such coordinated effort among attacking has not just lessens general flooding activity, additionally aides keep away from location. Comparative attack procedures focusing on administrations with blockage control systems for Quality of Service (QoS) have been found by Guirguis et al. (2005). At the point when a QoS empowered server gets a burst of administration solicitations, it will incidentally throttle approaching solicitations for a period until past solicitations have been prepared. Accordingly, aggressors can surge demands at a pace to keep the server throttling the approaching solicitations what's more, accomplish the DoS impact. Guirguis' study demonstrated that a burst of 800 solicitations can cut down a web server for 200 seconds, and along these lines the normal flooding rate could be as low as 4 solicitations for each second. Host Based Attacks: Other than abusing system conventions, aggressors can likewise dispatch DoS attacks by means of misusing vulnerabilities in target's applications and frameworks. Not quite the same as system based attacks, this kind of attacks are application particular, i.e., misusing specific calculations (Crosby et al. 2003), memory structure (Cowan et al. 2003), validation conventions (Dean et al. 2001, Zhang et al. 2005), usage (CERT 1997), and so on. Attacks can be propelled either from a solitary host as a routine interruption or from various has as a system based DDoS attack. The activity of host based attacks may not be as high as system based attacks, in light of the fact that application defects and insufficiencies can without much of stretch accident applications or expend a huge measure of PC assets. A few illustration attacks are depicted as takes after. Senior member et al. (2001) distinguished that assailants could without much of a stretch mastermind an attack such that E-business sites stay accessible; however customers are not able to finish any buy. Such an attack is taking into account pursuing the safe server that procedures Visa installments. In such E-trade applications, the SSL/TLS convention is utilized to make secure associations in the middle of customers and servers. The convention permits a customer to ask for the server to perform a RSA decoding. RSA unscrambling is a costly operation. Case in point, a huge secure site can prepare a couple thousand RSA decoding for each second. In the event that a SSL handshake solicitation takes 200 bytes and a server can handle 5000 decoding for each second, 1MB/s of solicitations is adequate to incapacitate an Ecommerce site, which is a difficult to-notice little measure of activity. Aggressors can likewise send substantial modulo values through customer testaments to expand the RSA processing per verification. Thus, shared validation isn't possible rapidly and administration execution is downsized. Analysts additionally found that assailants could abuse algorithmic lacks in numerous Applications' information structures to dispatch low-data transmission DoS attacks (Crosby et al. 2003). Since numerous as often as possible utilized information structures have "normal case" expected running time that is significantly more effective than the most pessimistic scenario, aggressors can precisely pick inputs to create the most exceedingly awful situation in information structures. Crosby et al. shown this sort of DoS attacks against the hash table Executions. Ordinarily, embeddings n inputs into a hash table obliges O (n) processing on Normal. Be that as it may, inputs could impact on the off chance that they have the same hash esteem. At that point, a few applications utilization open tending to fathom the impact through after a deterministic system to test for vacant hash table sections. In the most pessimistic scenario where all n inputs impact, O (n2) calculation will be needed. Crosby et al. found that aggressors can without much of a stretch figure out such impact inputs in some hash calculations, and showed that aggressors could bring down two renditions of Perl, the Squid web intermediary, and the Bro interruption identification framework by means of inputting strings that crash to crash the basic hash tables in these applications. Attack Network: Many recent DoS attacks (also called DDoS attacks) were launched from distributed attacking Hosts. A DDoS attack is launched in two phases. First, an attacker builds an attack network Which is distributed and consists of thousands of compromised computers (called zombies, bots, Or attacking hosts). Then, the attacking hosts flood a tremendous volume of traffic towards Victims either under the command of the attacker or automatically. To build an attack network, the attacker looks for computers that are poorly secured, such as Those not having been properly patched. In general, a vulnerable host can be compromised via Two types of approaches. One is to entice users to run malicious programs, such as a virus, a Spyware, or a Trojan horse carried in malicious emails, files, or web pages. The other approach is Via automated malicious programs, such as worms that can automatically scan vulnerable remote Computers. The vulnerability in these computers is then exploited to allow the attacker to break Into and install DoS attacking programs that further scan other hosts, install backdoors and flood Packets. The attacker is thus called the master of these compromised computers (zombies). Some DoS programs have the ability to register the compromised computer as a member in the attack Network controlled by the attacker. In addition, the newly compromised computers will Automatically repeat the scanning and exploiting process to look for other vulnerable computers. Because of the self-propagation, a large attack network can quickly be built to include hundreds Or thousands of computers. BotNet (Honeynet 2005) is an example of attack networks (depicted in Figure 4) in which an attacker controls a large number of zombies. In the attack network, zombies are called bots. Why a DoS/DDoS Attack May Succeed: The design of the Internet is one of the fundamental reasons for successful DoS attacks. The Internet is designed to run end-to-end applications. Routers are expected to provide the best effort Packet forwarding, while the sender and the receiver are responsible for achieving desired Service guarantees such as quality of service and security. Accordingly, different amounts of Resources are allocated to different roles. Routers are designed to handle large throughput that Leads to the design of high bandwidth pathways in the intermediate network. On the contrary, End hosts may be only assigned as much bandwidth as they need for their own applications. Consequently, each end host has less bandwidth than routers. Attackers can misuse the abundant Resources in routers for delivery of numerous packets to a target. TAXONOMY OF DOS/DDOS ATTACKS IN THE INTERNET: In this section, DoS attacks are classified based on the material presented by Mirkovic et al. (2004). Interested readers can obtain further information on DDoS attacks from Mirkovic’s book (Mirkovic et al. 2005). The classification is according to the major characteristics of DDoS Attacks: 1) how attackers (or zombies) scan vulnerable computers, 2) how attack packets are Spoofed, 3) what attack targets are, and 4) what attack impacts are. Scanning Random Scanning Hitlist Scanning Signpost Scanning Permutation Scanning Spoofing Spoofing techniques define how the attacker chooses the spoofed source address in its attack Packets. Spoofing attackers can choose one of the three approaches as depicted Random Spoofing Attackers can spoof random source addresses in attack packets since this can simply be achieved By generating random 32-bit numbers and stamping packets with them. Attackers may also Choose more sophisticated spoofing techniques, such as subnet spoofing, Subnet Spoofing In subnet spoofing, the attacker spoofs a random address within the address space of the sub network. For example, a computer in a C-class network could spoof any address with the same Prefix. It is impossible to detect this type of spoofing anywhere in the Internet. Subnet spoofing Is useful for the attackers that compromise machines on networks running ingress filtering. A Possible defense against this type of spoofing is to bind the IP address, the MAC address and the Network port of each computer in the sub network. Fixed Spoofing Different from the other two spoofing techniques, the spoofed address is the address of the Target. For example, an attacker performing a smurf attack spoofs the victim’s address so that ICMP ECHO packets will be reflected to the victim. Target Although most DoS attacks work via exhausting resources, the actual target to deny services Varies. The target could be the server application, the network access, or the network Infrastructure. Server Application An application attack targets a given application on the victim (normally a server), thus disabling Legitimate clients to use the service and possibly tying up resources of the host machine. Nevertheless, if the victim can well separate the resources for different applications. DDOS DEFENSES IN THE INTERNET: In this section, we overview products that have been deployed with an emphasis on their Functionalities and principles. Then, we will focus our discussion on recent defense technologies Proposed by researchers, and categorize them according to where they could be deployed. Defense Technologies in Deployment: In response to DDoS attacks, a variety of commercial products have been developed and Deployed by networking and security manufactures, mainly including intrusion detection systems (IDSs), firewalls and security enhanced routers. These devices are normally deployed between The Internet and servers so that they can monitor incoming and outgoing traffic and take Appropriate actions to protect servers. Fundamental technologies inside these devices include Traffic analysis, access control, packet filtering, address blocking, redundancy.IDSs typically log incoming traffic and make statistics from traffic traces. For example, CISCO IOS Net Flow (CISCO 2006a) can account network traffic and usage and provide valuable Information about network users and applications, peak usage times, and traffic routing. Traffic Traces and statistics can be compared to baseline traffic profiles to identify potential DoS attacks. In the past, most DDoS attacks caught attention due to abnormal conditions of the victim Network, such as high traffic volume targeting at a certain port, slowing down of target servers, Or high dropping rates of service requests. In addition, well-known DoS attack signatures (e.g. TCP SYN flooding) can also be captured to raise alerts. Although a few practical solutions and products have been deployed, many problems still exist. First, it is hard to distinguish flash crowds from flooding traffic. For example, firewalls may not Prevent attacks against port 80 (web service) of servers, because many packets are just web Surfing traffic to the web sites hosted by the target servers. Second, when flooding traffic is Mitigated through filtering and rate-limiting mechanisms, some portion of the legitimate traffic May also be discarded. Access control lists may be setup on wrong information as well, because Flooding packets may spoof addresses. Third, firewalls and routers can be easily overwhelmed Under DDoS attack. They may be slowed down or congested. If they cannot forward incoming Packets to servers, attackers also achieve DoS effects. Fourth, existing products act on their own Without any control over other routers. Even if a border router or firewall has identified the Upstream routers where flooding packets are coming, it is not easy to ask the owners of upstream Routers (e.g., telecom companies or internet service providers) to throttle some specific traffic Flows. Observing these problems, researchers have proposed quite a few DDoS defense technologies recently. In the following, we present them according to the location where they could be deployed. Attacker Side Defenses: Since source address spoofing plays an important role in DDoS attacks, restricting the source Address of the traffic to known prefixes is a straightforward idea. Ingress filtering is a Representative technique (Ferguson et al. 1998) based on this idea. As depicted in Figure 5, an Attacker resides within a C-class network 152.152.152.0/24. The gateway of the network, which Provides connectivity to the attacker's network, only allows traffic originating from source Addresses with the 152.152.152.0/24 prefix, while prohibiting an attacker from using "invalid" Source addresses which reside outside of this prefix range (e.g., 192.100.201.20). This technique Can well prevent random address spoofing and fixed address spoofing. The idea of filtering Packets according to their source addresses is also applicable in Internet routers (Li et al. 2002, Park et al. 2001). SAVE (Li et al. 2002) enforces routers to build and maintain an incoming table For verifying whether each packet arrives at the expected interface. Obviously, ingress filtering Does not preclude an attacker using a forged source address of another host within the permitted Prefix filter range (i.e., subnet address spoofing). Nevertheless, when an attack of subnet address Spoofing occurs, a network administrator can be sure that the attack is actually originating from Within the known prefixes that are being advertised D-WARD (Mirkovic et al. 2002) is another technique on the attacker side that prevents the Machines from participating in DDoS attacks. D-WARD monitors two-way traffic between the Internal addresses and the rest of the Internet. Statistics of active traffic are kept in a connection Hash table and compared to predefined models of normal traffic, and non-complying flows are Rate-limited. The imposed rate limit is dynamically adjusted as flow behavior changes, in order to Facilitate fast recovery of misclassified legitimate flows and severely limit ill-behaved aggressive Flows that is likely to be a part of an attack. Due to the limited size of the hash table, D-WARD Can possibly discard packets of legitimate traffic during a DDoS attack where many malicious Flows are present. D-WARD also needs to be able to monitor traffic in both incoming and Outgoing directions, which may be not realistic when a network has several, border routers. DWARD, Similar to other attacker side defense systems, can only limit attack traffic from the Networks where it is deployed. Attackers can still perform successful DDoS attacks from Networks that is not equipped with D-WARD system. Because attacking sources are randomly Distributed, it is thus necessary to deploy attack side defense systems in as many networks as Possible so that DDoS attacks can be fully controlled at source. DOS ATTACKS AND DEFENSES IN WIRELESS NETWORKS: Wireless networks are taking a more important role today. As these networks gain popularity, Providing security and trustworthiness will become an issue of critical importance. We discuss DoS attacks and defense in wireless networks according to the three lower network layers in this Section. Attacks at and above the transport layer in wireless network are similar to attacks in the Internet. Note that our focus is on IEEE 802.11 based wireless networks, which is a family of Physical and MAC protocols used in many hotspot, ad hoc and sensor networks. Physical Layer Attacks and Defenses: The shared nature of the wireless medium allows attackers to easily observe communications Between wireless devices and launch simple DoS attacks against wireless networks by jamming Or interfering communication. Such attacks in the physical layer cannot be addressed through Conventional security mechanisms. An attacker can simply disregard the medium access protocol And continually transmit in a wireless channel. By doing so, the attacker either prevents users From being able to commit legitimate MAC operations or introduces packet collisions that force Repeated backoffs. Xu et al. (2005) studied four jamming attack models that can be used by an Adversary to disable the operation of a wireless network and observed that signal strength and Carrier sensing time is unable to conclusively detect the presence of a jammer. It is also found That packet delivery ratio may help differentiate between congestion and jamming scenarios but Cannot help defenders to conclude whether poor link utility is due to jamming or the mobility of Nodes. To address the jamming attacks, Xu et al. (2005) proposed two enhanced detection Protocols. One scheme employs signal strength measurements as a reactive consistency check for Poor packet delivery ratios, and the other employs location information to serve as the Consistency check. MAC Layer Attacks and Defenses: In the MAC layer, the defects of MAC protocol messages and procedures of a MAC protocol can Be exploited by attackers. Bellardo et al. (2003) discussed vulnerabilities on authentication and Carrier sense and showed that attackers can provide bogus information or misuse the carrier sense Mechanism to deceive normal nodes. For example, attackers can forge deauthentication or Disassociation packets to break the connections between nodes and access points or send Ready- To-Send and Clear-To-Send packets with a forged duration to suppress the transmission of Nearby nodes. Attackers can disobey the backoff procedure so that they always get the first Chance to send RTS right after the end of last transmission. Gu et al. (2004) analyzed how the Attackers can exhaust bandwidth by using large junk packets without breaking the MAC Protocol. The attackers can use certain packet generation and transmission behavior to obtain More bandwidth than other normal nodes. Wullems et al. (2004) identified that attackers can Exploit the Clear Channel Assessment function of the 802.11 protocol to suppress other nodes With the illusion of a busy channel. Bellardo et al. (2003) suggested that extending explicit Authentication to 802.11 control packets would be a solution to prevent attackers from easily Forging the protocol control packets. Networking Layer Attacks and Defenses: DoS attacks in the network layer mainly focus on exploiting routing and forwarding protocols in Wireless networks. In particular, ad hoc and sensor networks are susceptible to these attacks. It is Also noticed that network layer DoS attacks in wireless networks are very different from the Attacks in the Internet. Because routers in wireless networks are computers that could be Compromised as end hosts, network layer DoS attacks in wireless networks can be launched by Any computer in the network. In addition, DoS defense techniques in the Internet that demand the Cooperation of routers is no longer valid. Routing Attacks and Defenses: Researchers have shown that attackers can manipulate ad hoc network routing protocols (such as DSR (Johnson et al. 2002) and AODV (Perkins et al. 2002)) to break valid routes and Connections (Hu et al. 2002, 2003). For example, if attackers change the destination IP address in The route request message, the victim cannot establish a route to its destination and thus cannot Access services. Hence, the security of routing protocols is the solution for defending routing based DoS attacks. In order to prevent attackers from exploiting the security flaws in routing Protocols, several secure routing protocols have been proposed to protect the routing messages And thus prevent DoS attacks. For example, Hu et al. (2002) proposed to use TESLA (Perrig et al. 2002), which is a symmetric broadcast authentication protocol, in routing discovery to secure routing protocols. When a source sends a route request, it authenticates the request with its own TESLA to prevent attackers from forging or modifying the request. Forwarding Attacks and Defenses: Similar to routing attacks, attackers can also exploit forwarding behavior. Typical attacking approaches include injecting junk packets, dropping packets, and disorder packets in legitimate packets. Attackers can use spoofed packets to disguise their attacking behavior, or find partners to deceive defenders. The objective is to exhaust bandwidth (Gu et al. 2005) or disrupt connection (Aad et al. 2004) so that service cannot be delivered. To prevent attackers from spoofing and flooding packets in wireless networks, hop-by-hop source authentication is needed so that every node participates in the protection of the network. Ye et al. (2004) proposed a statistic filtering scheme that allows en route nodes to filter out false data packets with some probability. This approach will not filter packets that do not carry keys that the en route nodes have, but will discard them at the destination. Zhu et al. (2004) proposed an interleaved hop-by-hop authentication scheme that guarantees that false data packets will be detected and dropped within a certain number of hops, although the scheme does not tolerate the change of routers. Gu et al. (2005) proposed another hop-by-hop source authentication approach with a higher overhead to ensure that a packet can be verified when a route is changed due to unreliability in wireless networks. In this approach, the routing node at which a new route diverges from the old route takes the responsibility of authenticating the packets. The routing nodes in the new route can then verify the packets based on the new authentication information. CONCLUSION: In this article, we overviewed existing DoS attacks and defense technologies in the Internet and wireless networks. DoS attackers exploit flaws in protocols and systems to deny access of target services. Attackers also control a large number of compromised hosts to launch DDoS attacks. Simply securing servers are no longer enough to make service available under attack, since DoS attack techniques are more complicated and many unwitting hosts are involved in DoS attacks. By reviewing several existing DoS attack techniques and classifying them, this chapter highlighted challenges of DoS defense from characteristics of DoS attacks. For defenders, it is difficult to decide whether a packet is spoofed, to prevent a host from being compromised and controlled, to ask upstream routers to filter unwanted traffic, and to keep defenders themselves from DoS attacks. This article reviews current DoS defense solutions in deployment and in research. They are trying to address one or several problems in DoS defense, for instance, how to distinguish legitimate traffic from flooding traffic, how to identify or trace true attacking hosts, how to filter or control flooding traffic as close as possible to attacking sources, and how to allow routers to collaborate in defense. These solutions can handle some but not all DoS attacks due to their design principles, deployment issues, etc. New DoS attack techniques may also invalidate these solutions. This chapter acknowledged these innovative ideas and provided a fundamental understanding for developing new solutions. Different from the Internet, wireless networks have their own unique DoS attacks due to the fact that wireless is an open communication approach and mobile devices can function as routers in wireless networks. DoS attacks in wireless networks extend to the scope not viable in the Internet. The existing defense approaches illustrate that security countermeasures should be studied and incorporated into wireless protocols at lower layers, and mobile hosts should actively and collaboratively participate in protecting their wireless networks. Cross References: 1. Aad, I., Hubaux, J.P., and Knightly, E. (2004). Denial of service resilience in ad hoc networks. Proceedings of ACM Mobicom. ACM Press, New York. 2. Aljifri, H., Smets, M., and Pons A. (2003). IP Traceback using header compression. Computers & Security, Vol. 22(2), pp. 136-151. 3. Andersen, D. G. (2003). Mayday: distributed filtering for Internet services. Proceedings of the 4th USENIX Symposium on Internet Technologies and Systems. USENIX Press, Berkeley, CA. 4. Anderson, T., Roscoe, T., and Wetherall, D. (2003). Preventing Internet Denial of Service with Capabilities. Proceedings of HotNets-II. ACM Press, New York. 5. Argyraki, K., and Cheriton, D. R. (2005). Active Internet traffic filtering: real-time response to denial-of-service attacks. Proceedings of the USENIX Annual Technical Conference. USENIX Press, Berkeley, CA. 6. Aura, T., Nikander, P., and Leiwo, J. (2000). Dos-resistant authentication with client puzzles. Proceedings of Security Protocols Workshop, Lecture Notes in Computer Science, 7. Bellardo, J., and Savage, S. (2003) 802.11 denial-of-service attacks: real vulnerabilities and practical solutions. Proceedings of USENIX Security Symposium, 15-28. USENIX Press, Berkeley, CA. 8. Bernstein, D. J. (1996) SYN cookies. Available at: http://cr.yp.to/syncookies.html. 9. Bro (2006) Bro Intrusion Detection System. Available at: http://bro-ids.org/. 10. CERT (1996). CERT Advisory CA-1996-21 TCP SYN flooding and IP spoofing attacks. Available at: http://www.cert.org/advisories/CA-1996-21.html. 11. CERT (1997). CERT Advisory CA-1997-28 IP Denial-of-Service Attacks. Available at: http://www.cert.org/advisories/CA-1997-28.html. 12. CERT (1998). CERT Advisory CA-1998-01 Smurf IP denial-of-service attacks. Available at: http://www.cert.org/advisories/CA-1998-01.html. [Show More]

Last updated: 1 year ago

Preview 1 out of 12 pages