A DDoS can be carried out through TCP SYN floods from many machines with different IP
addresses. A TCP SYN segment is one whose TCP header has the SYN flag set; it tells the
receiver that the sender wants to establish a TCP connection. The server replies with a
SYN/ACK to acknowledge the initial SYN and records the half-open connection while it waits
for the client's final ACK.
Such flood attacks do not require completion of the TCP three-way handshake; they try to
exhaust the target server's SYN backlog (its queue of half-open connections) or its
bandwidth precisely by never completing the handshake. It is important to know that the
source IP address can be spoofed, so an attack that appears to come from many hosts may
actually originate from a few zombie hosts or even a single host (in which case it is
referred to as a DoS attack). One common way to mitigate a TCP SYN flood is to enable
SYN cookies: the server encodes the connection parameters into the initial sequence number
of its SYN/ACK and allocates no backlog entry until a client returns an ACK that validates
against that cookie.
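The following is an added example, not code from the book, that shows how a SYN cookie lets a server survive a flood of spoofed SYNs without keeping half-open state. It uses the classic layout of a 5-bit time tick, a 3-bit MSS index and a 24-bit keyed hash; HMAC-SHA256 as the keyed hash, the MSS table, the addresses and the secret are all assumptions chosen for the demonstration (real kernels use a cheaper keyed hash, but the construction is the same).

```python
import hashlib
import hmac

# Four representative MSS values; the cookie stores an index into this table
# (the 3-bit field would allow up to eight entries).
MSS_TABLE = (536, 1300, 1440, 1460)
COOKIE_LIFETIME_TICKS = 1          # accept the current and the previous 64-second tick


def _mac24(secret, saddr, sport, daddr, dport, tick):
    """24-bit keyed hash over the 4-tuple and the time tick (HMAC-SHA256 is an assumption)."""
    msg = f"{saddr}:{sport}>{daddr}:{dport}@{tick}".encode()
    return int.from_bytes(hmac.new(secret, msg, hashlib.sha256).digest()[:3], "big")


def make_syn_cookie(secret, saddr, sport, daddr, dport, mss, now):
    """Build the 32-bit initial sequence number the server sends in its SYN/ACK.
    Layout: 5-bit time tick | 3-bit MSS index | 24-bit keyed hash."""
    tick = (now // 64) & 0x1F
    idx = 0
    for i, m in enumerate(MSS_TABLE):
        if m <= mss:
            idx = i                         # largest table value not exceeding the client's MSS
    return (tick << 27) | (idx << 24) | _mac24(secret, saddr, sport, daddr, dport, tick)


def check_syn_cookie(secret, saddr, sport, daddr, dport, ack_num, now):
    """Validate the ACK that completes the handshake. Returns the negotiated MSS, or None
    if the cookie is forged or too old. No per-connection state is consulted."""
    cookie = (ack_num - 1) & 0xFFFFFFFF     # the client acknowledges ISN + 1
    tick = cookie >> 27
    idx = (cookie >> 24) & 0x7
    mac = cookie & 0xFFFFFF
    age = (((now // 64) & 0x1F) - tick) & 0x1F   # modular difference handles counter wrap
    if age > COOKIE_LIFETIME_TICKS or idx >= len(MSS_TABLE):
        return None
    expected = _mac24(secret, saddr, sport, daddr, dport, tick)
    if not hmac.compare_digest(mac.to_bytes(3, "big"), expected.to_bytes(3, "big")):
        return None
    return MSS_TABLE[idx]


def simulate_flood(secret, spoofed_sources, legit_source, now):
    """Constructed scenario: many spoofed SYNs that never finish the handshake, one real
    client that does, and one forged ACK. Returns how many connections were accepted and
    how much half-open state the server had to keep (none, because cookies are stateless)."""
    server = ("192.0.2.10", 443)            # constructed server address
    half_open = []                          # this list would fill up without SYN cookies
    accepted = 0
    for src in spoofed_sources:             # each spoofed host gets a SYN/ACK and is forgotten
        make_syn_cookie(secret, src[0], src[1], *server, 1460, now)
    isn = make_syn_cookie(secret, legit_source[0], legit_source[1], *server, 1460, now)
    if check_syn_cookie(secret, legit_source[0], legit_source[1], *server, isn + 1, now + 5):
        accepted += 1                       # genuine third-step ACK
    if check_syn_cookie(secret, legit_source[0], legit_source[1], *server, isn + 2, now + 5):
        accepted += 1                       # forged ACK number: must be rejected
    return {"accepted": accepted, "half_open_entries": len(half_open)}


if __name__ == "__main__":
    SECRET = b"constructed-demo-secret"     # assumption: per-host secret rotated periodically
    flood = [("203.0.113.%d" % (i % 250 + 1), 1024 + i) for i in range(1000)]
    print(simulate_flood(SECRET, flood, ("198.51.100.7", 40000), 1_000_000))
```

The server keeps nothing between SYN and ACK, so a spoofed source that never answers costs it only the hash computation and one SYN/ACK on the wire; the price is that TCP options not encoded in the cookie (window scaling, SACK) are lost for connections established this way, which is why kernels only switch cookies on once the backlog is under pressure.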
Defensive responses to DDoS attacks involve planning and designing advanced combinations
of attack detection, traffic and behavior classification, and response mechanisms. The
purpose of these defensive measures is to block traffic identified as illegitimate while still
allowing legitimate traffic to flow freely. For this purpose, firewalls, ACL-enabled routers
and switches, application front-end hardware, and intrusion prevention systems (IPSs) are
employed. These are described in the following sections.
Obfuscation
Obfuscation refers to methods that apply a semantics-preserving transformation to code or
a data payload, producing a form that behaves the same but hinders extraction of information
from it. Obfuscation impedes understanding of algorithms and data structures and is therefore
widely used in software protection (for example of cryptographic routines) and information
hiding.
Obfuscation tools can also reduce the size of a compiled assembly, for example by replacing
descriptive identifiers with short meaningless ones, and they prevent or limit decompilers
and similar tools from reading the obfuscated data.
Some examples of obfuscated code and algorithms can be found on the IOCCC website
( www.ioccc.org/years.html ).
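As an added example (not from the book or the IOCCC), the following Python program applies one semantics-preserving transformation, identifier renaming, to a small function and verifies that the renamed version computes the same result. The sample function `checksum` and its parameter names are constructed for the demonstration; `ast.unparse` requires Python 3.9 or later.

```python
import ast

# Constructed sample: a small function whose parameter and local names we will hide.
ORIGINAL_SOURCE = '''
def checksum(payload, seed):
    total = seed
    for byte in payload.encode():
        total = (total * 31 + byte) & 0xFFFFFFFF
    return total
'''


class _Renamer(ast.NodeTransformer):
    """Rename function parameters and local variables to meaningless names (_0, _1, ...).
    Builtins and attribute names are left alone so the program still runs."""

    def __init__(self):
        self.mapping = {}

    def _alias(self, name):
        if name not in self.mapping:
            self.mapping[name] = "_%x" % len(self.mapping)
        return self.mapping[name]

    def visit_arg(self, node):            # function parameters
        node.arg = self._alias(node.arg)
        return node

    def visit_Name(self, node):           # local variables: rename on binding, then on every use
        if isinstance(node.ctx, ast.Store) or node.id in self.mapping:
            node.id = self._alias(node.id)
        return node


def obfuscate(source):
    """Return (obfuscated source, name mapping). The mapping is what a reverse engineer
    would have to reconstruct by hand; it is never shipped with the obfuscated code."""
    tree = ast.parse(source)
    renamer = _Renamer()
    tree = renamer.visit(tree)
    ast.fix_missing_locations(tree)
    return ast.unparse(tree), renamer.mapping


def load_function(source, name):
    """Execute a module source string and return the named function from it."""
    namespace = {}
    exec(source, namespace)
    return namespace[name]


if __name__ == "__main__":
    obfuscated, mapping = obfuscate(ORIGINAL_SOURCE)
    print(obfuscated)
    print(mapping)
    print(load_function(ORIGINAL_SOURCE, "checksum")("hello", 7),
          load_function(obfuscated, "checksum")("hello", 7))
```

Renaming is the weakest obfuscation in common use; commercial tools also flatten control flow and encode string constants, but every such transformation must pass the same check as above: the behaviour on every input is unchanged.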
Access Control List
An access control list (ACL) is a list of permissions attached to an object. The ACL of an
item specifies the following items:
Which users are granted access to the object
Which system processes are granted access to the object
What operations are allowed on given objects
Note that there are three major access types: read, write, and execute. Each entry in a
typical ACL specifies a subject and an operation. An example would be an ACL that contains
{Alice, read/write} over the file example.dat.
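The following added example (not the book's code) implements an ACL as described above: entries pair a subject (a user or a system process) with a set of the three operations, and access is denied unless an entry grants it. It also parses the book's `{Alice, read/write}` notation. The explicit-deny entries and the `process:` naming convention for process subjects are assumptions added for the demonstration.

```python
from dataclasses import dataclass, field

OPERATIONS = frozenset({"read", "write", "execute"})   # the three major access types


@dataclass(frozen=True)
class Entry:
    subject: str            # a user ("Alice") or a process ("process:backup", an assumed convention)
    operations: frozenset   # subset of OPERATIONS
    allow: bool = True      # False makes this an explicit-deny entry (an assumption, not from the book)


@dataclass
class ACL:
    obj: str                # the object the list is attached to, e.g. "example.dat"
    entries: list = field(default_factory=list)

    def add(self, subject, operations, allow=True):
        ops = frozenset(operations)
        unknown = ops - OPERATIONS
        if unknown:
            raise ValueError("unknown operations: %s" % sorted(unknown))
        self.entries.append(Entry(subject, ops, allow))
        return self

    def permits(self, subject, operation):
        """Default deny: True only if some entry grants the operation and no entry denies it."""
        if operation not in OPERATIONS:
            raise ValueError("unknown operation: %s" % operation)
        granted = False
        for entry in self.entries:
            if entry.subject != subject or operation not in entry.operations:
                continue
            if not entry.allow:
                return False            # an explicit deny wins over any allow
            granted = True
        return granted


def parse_entry(text):
    """Parse the book's notation, e.g. "{Alice, read/write}", into an Entry."""
    body = text.strip()
    if not (body.startswith("{") and body.endswith("}")) or "," not in body:
        raise ValueError("expected {subject, op/op}: %r" % text)
    subject, _, ops = body[1:-1].partition(",")
    operations = frozenset(o.strip() for o in ops.split("/"))
    if not operations <= OPERATIONS:
        raise ValueError("unknown operations in %r" % text)
    return Entry(subject.strip(), operations)


def example_acl():
    """The ACL from the text plus one process subject (the process entry is constructed)."""
    acl = ACL("example.dat")
    alice = parse_entry("{Alice, read/write}")
    acl.add(alice.subject, alice.operations)
    acl.add("process:backup", ["read"])
    return acl


if __name__ == "__main__":
    acl = example_acl()
    for subject, op in [("Alice", "read"), ("Alice", "execute"), ("Bob", "read"),
                        ("process:backup", "read")]:
        print(subject, op, acl.permits(subject, op))
```

The order of evaluation matters in real systems: Windows DACLs and POSIX ACLs each have their own rules for how deny and allow entries interact, so when reviewing an ACL check in code, confirm which convention it follows rather than assuming deny-wins as this example does.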