Active router approach to defeating denial-of-service attacks in networks

Denial-of-service attacks represent a major threat to modern organisations who are increasingly dependent on the integrity of their computer networks. A new approach to combating such threats introduces active routers into the network architecture. These active routers offer the combined benefits of intrusion detection, firewall functionality and data encryption and work collaboratively to provide a distributed defence mechanism. The paper provides a detailed description of the design and operation of the algorithms used by the active routers and demonstrates how this approach is able to defeat a SYN and SMURF attack. Other approaches to network design, such as the introduction of a firewall and intrusion detection systems, can be used to protect networks, however, weaknesses remain. It is proposed that the adoption of an active router approach to protecting networks overcomes many of these weaknesses and therefore offers enhanced protection

Analysis of Security Incidents from Network Traffic

Analýza bezpečnostních incidentů se stala velmi důležitým a zajímavým oborem počítačové vědy. Monitorovací nástroje a techniky pomáhají při detekci a prevenci proti tímto škodlivým aktivitám. Tento dokument opisuje počítačové útoky a jejich klasifikaci. Také jsou tady opsaný některé monitorovací nástroje jako Intrusion Detection System nebo NetFlow protokol a jeho monitorovací software. Tento dokument také opisuje konfiguraci experimentální topologie a prezentuje několik experimentů škodlivých aktivit, které byly detailně kontrolovány těmito monitorovacími nástroji.Analysis of network incidents have become a very important and interesting field in Computer Science. Monitoring tools and techniques can help detect and prevent against these malicious activities. This document describes computer attacks and their classification. Several monitoring tools such as Intrusion Detection System or NetFlow protocol and its monitoring software are introduced. It is also described the development of an experimental topology and the results obtained on several experiments involving malicious activity, that were overseen in detail by these monitoring tools.

Evaluation of Windows Servers Security Under ICMP and TCP Denial of Service Attacks

Securing server from Distributed denial of service (DDoS) attacks is a challenging task for network operators. DDOS attacks are known to reduce the performance of web based applications and reduce the number of legitimate client connections. In this thesis, we evaluate performance of a Windows server 2003 under these attacks. In this thesis, we also evaluate and compare effectiveness of three different protection mechanisms, namely SYN Cache, SYN Cookie and SYN proxy protection methods, to protect against TCP SYN DDoS attacks. It is found that the SYN attack protection at the server is more effective at lower loads of SYN attack traffic, whereas the SYN cookies protection is more effective at higher loads compared to other methods

FAIR: Forwarding Accountability for Internet Reputability

This paper presents FAIR, a forwarding accountability mechanism that incentivizes ISPs to apply stricter security policies to their customers. The Autonomous System (AS) of the receiver specifies a traffic profile that the sender AS must adhere to. Transit ASes on the path mark packets. In case of traffic profile violations, the marked packets are used as a proof of misbehavior. FAIR introduces low bandwidth overhead and requires no per-packet and no per-flow state for forwarding. We describe integration with IP and demonstrate a software switch running on commodity hardware that can switch packets at a line rate of 120 Gbps, and can forward 140M minimum-sized packets per second, limited by the hardware I/O subsystem. Moreover, this paper proposes a "suspicious bit" for packet headers - an application that builds on top of FAIR's proofs of misbehavior and flags packets to warn other entities in the network.Comment: 16 pages, 12 figure

Impact of denial of service solutions on network quality of service

The Internet has become a universal communication network tool. It has evolved from a platform that supports best-effort traffic to one that now carries different traffic types including those involving continuous media with quality of service (QoS) requirements. As more services are delivered over the Internet, we face increasing risk to their availability given that malicious attacks on those Internet services continue to increase. Several networks have witnessed denial of service (DoS) and distributed denial of service (DDoS) attacks over the past few years which have disrupted QoS of network services, thereby violating the Service Level Agreement (SLA) between the client and the Internet Service Provider (ISP). Hence DoS or DDoS attacks are major threats to network QoS. In this paper we survey techniques and solutions that have been deployed to thwart DoS and DDoS attacks and we evaluate them in terms of their impact on network QoS for Internet services. We also present vulnerabilities that can be exploited for QoS protocols and also affect QoS if exploited. In addition, we also highlight challenges that still need to be addressed to achieve end-to-end QoS with recently proposed DoS/DDoS solutions