Another technique to prevent such attacks is to minimize the attack surface area by
closing down unneeded ports. Moreover, ICMP echo messages can simply be ignored
by dropping ICMP requests.
Distributed Denial of Service
A distributed denial of service (DDoS) is a sophisticated security threat that floods the
bandwidth or processing resources of a target system using multiple compromised systems
(also known as zombie systems).
http://en.wikipedia.org/wiki/DDoS#Distributed_attack
A collection of compromised systems is usually referred to as a botnet, which is a number of
computer systems controlled by a malicious program. The main purpose of a DDoS attack
is to overload a server system with so many false connections that it can no longer accept
legitimate connections.
This attack is sophisticated in nature because the attacker is able to launch an attack
using multiple machines rather than just one. It is hard to distinguish legitimate requests from
malicious ones. Additionally, it is even harder to track or detect the behavior of such
machines. By making the behavior of each attack machine stealthier and more adaptive, the
attacker has a huge advantage over the target server's defense mechanisms. For example,
purchasing more incoming bandwidth to increase the servable volume could be completely
futile because the attacker can add more machines by spreading the malicious program to
other hosts on the Internet. Figure 11.1 depicts a DDoS attack with attacker, handler hosts,
the botnet, and the victim.
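As an added illustration (not from the book) of why the per-source view fails against a botnet, this Python script scores two constructed ten-second windows of connection sources: one flood from a single host, and one of the same volume spread across a hundred zombies. All addresses are from documentation ranges and the thresholds are assumed values.

```python
from collections import Counter

WINDOW_S = 10  # length of the observation window in seconds (assumed)


def build_scenarios():
    """Constructed sample data: source addresses seen in one window.

    Both scenarios share 20 legitimate clients sending one request each.
    single_source: one host (203.0.113.7) adds 200 requests.
    distributed:   100 zombies (192.0.2.0-99) add 2 requests each.
    """
    legit = [f"198.51.100.{i}" for i in range(20)]
    single = legit + ["203.0.113.7"] * 200
    distributed = legit + [f"192.0.2.{i % 100}" for i in range(200)]
    return {"single_source": single, "distributed": distributed}


def per_source_rates(sources, window_s=WINDOW_S):
    """Requests per second contributed by each source address."""
    counts = Counter(sources)
    return {src: n / window_s for src, n in counts.items()}


def flagged_sources(sources, per_src_limit, window_s=WINDOW_S):
    """Sources whose own rate exceeds per_src_limit req/s (classic per-IP limiting)."""
    rates = per_source_rates(sources, window_s)
    return sorted(src for src, r in rates.items() if r > per_src_limit)


def aggregate_rate(sources, window_s=WINDOW_S):
    """Total requests per second regardless of origin."""
    return len(sources) / window_s


def assess(sources, per_src_limit=5.0, baseline_rps=2.0, factor=5.0):
    """Compare a per-source detector with an aggregate-volume detector.

    The aggregate alarm fires when total rate exceeds factor x baseline.
    """
    agg = aggregate_rate(sources)
    return {
        "per_source_flagged": flagged_sources(sources, per_src_limit),
        "aggregate_rps": agg,
        "aggregate_alarm": agg > baseline_rps * factor,
    }


if __name__ == "__main__":
    for name, window in build_scenarios().items():
        print(name, assess(window))
```

Both windows carry the same 22 req/s and trip the aggregate alarm, but per-source limiting names only the single flooder: each zombie stays at 0.2 req/s, indistinguishable from a legitimate client.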
FIGURE 11.1 A simple representation of a DDoS attack (nodes shown: Attacker, Handler, Handler, Botnet, Victim)