Internet - Tracing the Source of Denial of Service Attacks

Tracing the Source of Denial of Service Attacks

 
     Abstract:  Denial of service attacks are becoming increasingly prevalent and serious, yet the anonymity that these attacks afford the hacker provides no means for a victim to trace the attack.  The weakness of the TCP/IP protocol allows for this anonymity, yet it would be very difficult to change this protocol.  Savage, Wetherall, Karlin, and Anderson present a method for tracing back the source IP address and network path of denial of service attacks.

 

As the internet becomes increasingly vital to the everyday life of millions of people around the world, it also becomes increasingly vulnerable to hackers.  Through forcing servers or web sites to shut down, hackers have the ability to affect almost every aspect of modern society: finances, safety, education, and many others.  One common method used by hackers to maliciously affect these servers is the denial of service attack.  Savage, Wetherall, Karlin, and Anderson define denial of service attacks as those that "consume the resources of a remote host or network, thereby denying or degrading service to legitimate users.  Such attacks are among the hardest security problems to address because they are simple to implement, difficult to prevent, and very difficult to trace."1  Denial of service attacks, and the means for servers to deal with and trace such attacks, present numerous ethical issues.

 

The Computer Emergency Response Team, CERT, is a group based at Carnegie Mellon University.  CERT describes their goal as "[to] study Internet security vulnerabilities, provide incident response services to sites that have been the victims of attack, publish a variety of security alerts, do research in wide-area-networked computing, and develop information and training to help you improve security at your site." 2  This simple description presents an ethical dilemma: should this team publish information about new vulnerabilities that will provide hackers with the sources from which to create new DOS attacks?  As new software packages are developed at an increasing rate, there will inevitably be more bugs that will provide vulnerabilities to DOS attacks.  If hackers have the same access to information about these vulnerabilities as system administrators do, can the system administrators "keep up" with the hackers?

 

A fairly simple observation seems to answer this question.  In modern society, it is increasingly difficult to keep secrets.  For example, a few years ago, Intel encountered a bug in the Pentium chip, but did not release information about this bug.

How to Cite this Page

MLA Citation:
"Internet - Tracing the Source of Denial of Service Attacks." 123HelpMe.com. 22 Sep 2017
    <http://www.123HelpMe.com/view.asp?id=10704>.
  This was a dangerous bug with which anyone who could write a few lines of assembly code could crash a machine with an Intel Pentium chip.  It took a very short time for the information to leak to people throughout the world via the web. 3 4  This case seems to prove the fact that it is nearly impossible to keep a secret pertaining to computer security, and that doing so can actually be more harmful than publishing the vulnerability as soon as it is discovered.

 

Howard reports that, according to CERT, the number of DOS attacks reported by CERT increased by 50 percent per year in the period from 1989 to 1995.5  This fact places the utmost importance on finding some means of dealing with or preventing these sorts of attacks.  Unfortunately, the nature of denial of service attacks makes them very difficult to trace or prevent.  Therefore the majority of recent work in the area has focused on tolerating these attacks rather than preventing them.6 7

 

The reason that DOS attacks are difficult to trace relates to the definition of the Transmission Control Protocol / Internet Protocol (TCP/IP).  This is the protocol which essentially defines communication on the internet.  Robert T. Morris wrote in a 1985 paper on TCP/IP weaknesses, "The weakness in the scheme [Internet Protocol] is that the source host itself fills in the source host id, and there is no provision in ... TCP/IP to discover the true origin of a packet."8  What this means is that when one computer (the sender) wants to connect to another (the receiver) via a network, the sender creates a series of packets of data.  Each of these packets has a header with various information, including the IP address of the sender.  However, because the sender fills in this information, the sender can easily put an incorrect IP address on the packets to make it look like their source was somewhere else.  This is known as IP spoofing.9

 

IP spoofing also presents an ethical dilemma.  It is obviously unethical to spoof one's IP address for use in a DOS attack, but how should the internet community deal with this problem?  The current situation relies on the good nature of the sender, which in the case of a DOS attack, is obviously a major problem.  Should the TCP/IP protocol be rewritten to alleviate this problem?  This seems to be an easy solution to the problem, but redefining the TCP/IP protocol is a massive task that would require changes to countless millions of lines of code, a task that would take years. 

 

The ideal solution to this problem would be one which is backwards compatible, i.e. it works with the current versions of TCP/IP and does not require any new features to be added.  Furthermore, this solution would be fully known to all users, yet still impossible to break.  That is, even if hackers know the full details of the implementation of the solution, it would be impossible for them to spoof IP addresses.  The RSA (Rivest-Shamir-Adleman) encryption algorithm provides a good example of this type of solution.  Every aspect of this encryption algorithm is fully known, yet it is impossible to break, because, "the sun will burn out before the most powerful computers presently in existence can factor your modulus into P and Q." 10

In "Practical Network Support for IP Traceback", Savage, Wetherall, Karlin, and Anderson present a method of tracing the network path (and source machine) of a denial of service attack, even if the source machine spoofed its IP address.11  This method, if implemented correctly, will make it impossible for a hacker to hide the path that his malicious packets take.  In order to implement this technique, each router that the attack packets travel through will have to probabilistically tag the identification field of the IP header of some of those packets.  When a victim realizes that a denial of service attack is taking place, the system administrator runs a program that constructs the network path of the attack by looking at the tags on the malicious packets.12  Since the hacker does not have access to the routers through which his attack packets travel, he has no way of masking the true path that these packets take.  This seems to provide the perfect solution to the problem.

 

As with most apparently perfect solutions, there are drawbacks and ethical issues that become apparent with this IP traceback technique.  First of all, every router on the internet would have to run code to implement this technique, a nearly impossible task inasmuch as there are millions upon millions of routers across the world.  Another important drawback is that this technique runs on the assumption that the identification field in the IP header is always available for use.13  However, if a router needs to fragment a packet, it will have to use this identification field and will therefore not be able to tag that field for the traceback technique.14  Yet another assumption that provides a weakness in the technique is the assumption that the denial of service attacks will consist of many thousands of packets.  There is one well known attack, known as the "ping of death attack", that consists of only one packet.15
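
The following simulation is an added example, not code from the essay or from the cited paper. It models the probabilistic router tagging and victim-side path reconstruction described above, and shows why a single-packet attack leaves too few tags to trace. The mark layout (start, end, distance), the marking probability and the router names are assumptions of this example, and the compression needed to fit a mark into the 16-bit identification field is not modeled.

```python
import random

# Constructed example path: attacker -> R1 -> R2 -> R3 -> R4 -> victim.
# Router names and the marking probability are assumptions of this example.
PATH = ["R1", "R2", "R3", "R4"]
MARK_PROB = 0.2


def forward(path, rng, p=MARK_PROB):
    """Carry one packet along `path` and return the mark it arrives with.

    The (possibly spoofed) source address plays no part: only routers write
    marks. None models a packet that no router chose to tag.
    """
    mark = None
    for router in path:
        if rng.random() < p:
            # This router tags the packet, overwriting any earlier tag.
            mark = {"start": router, "end": None, "distance": 0}
        elif mark is not None:
            # First router after the tagger records itself as the edge's end.
            if mark["distance"] == 0:
                mark["end"] = router
            mark["distance"] += 1
    return mark


def reconstruct(marks):
    """Rebuild the router path (farthest router first) from collected marks."""
    by_distance = {}
    for m in marks:
        if m is not None:
            edge = (m["start"], m["end"])
            by_distance.setdefault(m["distance"], set()).add(edge)
    path, downstream, d = [], None, 0
    # Walk outward from the victim; stop at the first distance with no
    # edge that chains onto the hop already recovered.
    while d in by_distance:
        candidates = sorted(s for s, e in by_distance[d] if e == downstream)
        if len(candidates) != 1:
            break
        downstream = candidates[0]
        path.append(downstream)
        d += 1
    return path[::-1]


def trace(n_packets, seed, path=PATH):
    """Simulate a flood of `n_packets` and return the reconstructed path."""
    rng = random.Random(seed)
    return reconstruct(forward(path, rng) for _ in range(n_packets))


if __name__ == "__main__":
    print("2000 packets:", trace(2000, seed=7))
    print("1 packet:    ", trace(1, seed=7))
```

A flood of thousands of packets yields every edge of the path, while one packet can carry at most one tag, so at best only the router nearest the victim is recovered.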

 

The main ethical issue raised by the implementation of this technique is that of privacy.  Since IP traceback gives a user the ability to trace the exact path that network traffic takes in getting to that user, it can be used maliciously. For example, a web host could store data about the network paths that each user takes and could possibly sell this information to interested parties.  Or even worse, a hacker could use this technique to obtain the necessary network information to run a denial of service attack.    One could also use this information to "retaliate" and run a denial of service attack on the hacker who initiated an attack.

 

Denial of service attacks pose an increasingly serious threat to the internet, especially as more people become dependent on the internet as a means of managing their daily tasks and obligations.  In the last year, major sites such as eBay.com, Amazon.com, eToys.com, Yahoo.com and Buy.com have been disabled for varying amounts of time by denial of service attacks.16 17 18  These attacks not only cost users time and effort, but have the potential to cost the sites themselves millions of dollars.  In order to prevent these attacks and identify those culpable, the anonymity that denial of service attacks provide the hacker must be removed.  Savage, Wetherall, Karlin, and Anderson present a potentially large step in the removal of this anonymity, but it is by no means the perfect solution.  Their IP traceback technique, and any future technique for dealing with DOS attacks, will present potentially serious ethical and technical issues, but the monetary and societal pressure to find a solution will surely result in a robust solution in the near future.

 

Notes

1 Stefan Savage, David Wetherall, Anna Karlin, and Tom Anderson.  Practical Network Support for IP Traceback.  University of Washington, Seattle.

2 http://www.cert.org

3 http://www.wired.com/news/topstories/0,1287,8415,00.html

4 http://x86.ddj.com/secrets/intelsecrets.htm

5 John D. Howard.  An Analysis of Security Incidents on the Internet.  PhD thesis, Carnegie Mellon University, August, 1998.

6 Oliver Spatscheck and Larry Peterson.  Defending Denial of Service Attacks in Scout.  Proceedings of the 1999 IEEE Symposium on Security and Privacy, pages 39-49, Oakland, CA, May, 1995.

7 Gaurav Banga, Peter Druschel, and Jeffrey Mogul.  Resource Containers: A New Facility for Resource Management in Server Systems.  Proceedings of the 1999 USENIX/ACM Symposium on Operating System Design and Implementation, pages 45-58, February, 1999.

8 Robert T. Morris.  A Weakness in the 4.2BSD Unix TCP/IP Software.  Technical Report Computer Science #117, AT&T Bell Labs, February, 1985.

9 http://www.zdwebopedia.com/TERM/I/IP_spoofing.html

10 http://world.std.com/~franl/crypto/rsa-guts.html

11 Savage, Wetherall, Karlin, and Anderson.

12 Ibid.

13 Ibid.

14 http://www.microsoft.com/technet/network/intern.asp

15 http://www.insecure.org/sploits/ping-o-death.html

16 http://www.nwfusion.com/news/2000/0209attack.html

17 http://www.nwfusion.com/news/2000/0208yahoodown.html

18 http://www.nwfusion.com/news/1999/1220etoys.html

 

 

 

Sources Cited

 

1) Stefan Savage, David Wetherall, Anna Karlin, and Tom Anderson.  Practical Network Support for IP Traceback.  University of Washington, Seattle.

2) http://www.cert.org

3) http://www.wired.com/news/topstories/0,1287,8415,00.html

4) http://x86.ddj.com/secrets/intelsecrets.htm

5) John D. Howard.  An Analysis of Security Incidents on the Internet.  PhD thesis, Carnegie Mellon University, August, 1998.

6) Oliver Spatscheck and Larry Peterson.  Defending Denial of Service Attacks in Scout.  Proceedings of the 1999 IEEE Symposium on Security and Privacy, pages 39-49, Oakland, CA, May, 1995.

7) Gaurav Banga, Peter Druschel, and Jeffrey Mogul.  Resource Containers: A New Facility for Resource Management in Server Systems.  Proceedings of the 1999 USENIX/ACM Symposium on Operating System Design and Implementation, pages 45-58, February, 1999.

8) Robert T. Morris.  A Weakness in the 4.2BSD Unix TCP/IP Software.  Technical Report Computer Science #117, AT&T Bell Labs, February, 1985.

9) http://www.zdwebopedia.com/TERM/I/IP_spoofing.html

10) http://world.std.com/~franl/crypto/rsa-guts.html

11) http://www.microsoft.com/technet/network/intern.asp

12) http://www.insecure.org/sploits/ping-o-death.html

13) http://www.nwfusion.com/news/2000/0209attack.html

14) http://www.nwfusion.com/news/2000/0208yahoodown.html

15) http://www.nwfusion.com/news/1999/1220etoys.html

 
