
DDOS

Published: 2017-03-30
This paper is a student submission.

The term DDOS (Distributed Denial of Service) is derived from the term DOS (Denial of Service). The main aim of the attack is to take out a victim computer or target by using an army of several hundred computers built up within or outside the network. This method of attack is so successful and destructive because of its widespread effects. The basis of the attack is the use of multiple computers, known as master computers, which use other computers, known as zombie computers, to generate voluminous traffic towards the victim.

There are several ways of causing these attacks, and with the increasing complexity of networks, the attacks and the means by which they are carried out are growing in complexity too. One of the main reasons for their success, and hence for the growing difficulty in controlling these attacks, lies in the trace back mechanisms. The use of master and zombie computers within or outside the network, especially with requests being made to look as if they were placed by the victim itself, makes the trace back very hard and a nightmare in every system administrator's life. At the time this paper is being written, there are many forms of control and trace back mechanisms in the form of research by various researchers, and some of them have even been tried and implemented by various security giants including "Symantec.Inc", "McAfee.Inc", "Cisco" etc.

II. Basic working and various forms of DDOS

A. How the DDOS ball was set rolling:

DDOS works on the principle that the attacker takes control of many master computers and then uses the software loaded on the master computers to attract zombie computers [1] to build the army.

The term zombie computers [1] is just a name given by attackers to computers that belong to respectable networks of multinational corporations and universities, within or outside the network.

In this attack the zombie computers are unaware of their actions or of the data stream packets, requests or otherwise, sent by them through their network. The use of zombie computers [1] makes the trace back of the attacker a very difficult, almost impossible and heavily time-consuming task. The recent arrival of IDS [2] and the combination of the firewall and IPS [3] systems has made the tracking of packets possible, and has also led to the invention of many techniques to prevent an attack while it is still active or, if the attack is already over, to trace back to a certain permissible degree. These techniques will be explained in the next section, where I explain the current techniques in place for preventing DDOS attacks.

B. DDOS using reflectors.

As described above, distributed denial of service (DDOS) is performed by the use of masters and slaves, which complicates the trace back of the attacker and makes the attack a very successful one.

As more and more methods of tracing back these normal DDOS attacks came up, especially ITRACE [4], SPIE [5] and probabilistic packet marking [6], tracing back the packets sent by the attacking zombie/slave computers became feasible, and implementation and enforcement were considered at many levels. More on the above trace back mechanisms will be discussed in the next section.

In the reflection way of attacking, the attacker makes use of the slaves to send data to freely available web servers or other hosts. "So, for example, all Web servers, DNS servers, and routers are reflectors, since they will return SYN ACKs or RSTs in response to SYN or other TCP packets" [7]. These attacks are successful and so difficult to trace back because the zombie computers send fake requests that spoof the victim's IP address, so the available techniques of "reverse ip trace back", long and tedious as the process is, come back and show the victim itself.

A further limitation is that, since a web server or a free unused host is being used as the reflector, millions of them are being taken over by the attacker, taking the task of the trace back to a new, horrifying level. In addition, the web server/reflector would have to have maintained clear logs of all the traffic received on a particular day, which would have to be analysed by contacting hundreds of ISPs, network providers and system administrators.

The attacker would also have taken careful notice to ensure that there are not many zombie/slave computers attached to the same reflector as this would prevent trace back of the whole attacking army.

III. Possible existing ways of limiting the attacks

Bellovin's proposed scheme was initially designed for tracing back packets where the source of the packets that caused the attack was unknown. In this method, the routers that forward the data can send ICMP data back to the destinations, and with a high volume of traffic these messages eventually reveal from which source a packet came to the respective router before being routed to the victim it was targeted at.

In this method the ICMP packets would eventually give the location of the zombie/slave computer that was used.

The main limitation of this technique was that it needed a high volume of data to be processed in order to be sure of the location of the slave, and hence it could not be used if the attack was not active at that point of time.

B. Probabilistic Packet Marking [6]

In this method a set of routers that route data into the main network mark the data packets with a very highly compressed piece of hidden code that the target computer/server can decode. This form of trace back has paved the way for many other forms of research, and wider trace back research is still going on. In this method the victim is able to trace back the path of every data packet that has been encoded with the packet mark, which eventually leads to the location of a slave. This method also eventually failed: with the arrival of reflectors, or of massive numbers of slaves in the order of millions, the amount of data to compute over was far too large for analysis or trace back purposes.
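The marking idea above, as an added example that is not code from the paper or from [6]: it assumes the simplest variant, node sampling, in which each router overwrites a single mark field with its own ID with probability `p`, and the victim orders routers by how often each mark arrives. The router names, `p` and the packet counts are constructed.

```python
import random
from collections import Counter

def forward(path, p, rng):
    """Carry one packet along `path` (slave side first) and return the
    router ID left in its mark field when it reaches the victim."""
    mark = None
    for router in path:
        if rng.random() < p:      # each router marks with probability p
            mark = router         # overwriting any upstream mark
    return mark

def reconstruct(marks):
    """Victim side: rank routers by how often their mark arrived.
    A router d hops away survives with probability p*(1-p)**(d-1),
    so the most frequent mark is the router nearest the victim."""
    counts = Counter(m for m in marks if m is not None)
    return [router for router, _ in counts.most_common()]

def trace(path, p, n_packets, seed=1):
    rng = random.Random(seed)     # seeded so the run is repeatable
    return reconstruct(forward(path, p, rng) for _ in range(n_packets))

def packets_per_far_mark(d, p):
    """Expected packets before one mark from the router d hops away arrives."""
    return 1 / (p * (1 - p) ** (d - 1))

# Constructed path: R1 sits next to the slave, R4 next to the victim.
PATH = ["R1", "R2", "R3", "R4"]

if __name__ == "__main__":
    print(trace(PATH, p=0.3, n_packets=20000))   # nearest router first
    print(round(packets_per_far_mark(25, 0.3)))  # cost of a 25-hop path
```

The second function shows why the scheme depends on volume: the number of packets needed per mark from the far end of the path grows exponentially with path length, and that cost is paid once per slave.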

This technique is based on the principle that every packet going through the router is marked and categorized with a set of hashes. Using this principle, a packet's destination, and hence the path it travelled after leaving the router, can be found by sending customized queries to the routers. It technically isolates the packet and gives it a unique hash so that it can easily be found and traced back. The advantage is that this technique can also be used for very small amounts of data: every single packet between the victim and a particular router can be queried to find the location of the slave.

The record of the packet being queried has to be present on the router recording the hashes, and this is only possible, and only highly effective, during an ongoing attack, when the network traffic is high and in the middle of the action.
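A sketch of the hash-and-query idea above, added here as an example and not taken from the paper or from [5]: each router keeps a Bloom filter of packet digests for the current time window and answers "did you forward this packet?". As simplifications, the whole constructed packet is hashed and every router is queried rather than walking the topology hop by hop; the class names, table size and packets are assumptions.

```python
import hashlib

class DigestTable:
    """Bloom filter of packet digests for one router and one time window."""
    def __init__(self, bits=4096, hashes=3):
        self.bits, self.hashes, self.field = bits, hashes, 0

    def _positions(self, packet):
        for i in range(self.hashes):
            h = hashlib.sha256(bytes([i]) + packet).digest()
            yield int.from_bytes(h[:4], "big") % self.bits

    def add(self, packet):
        for pos in self._positions(packet):
            self.field |= 1 << pos

    def __contains__(self, packet):
        return all((self.field >> pos) & 1 for pos in self._positions(packet))

class Router:
    def __init__(self, name):
        self.name, self.table = name, DigestTable()

    def forward(self, packet):
        self.table.add(packet)        # store a digest, never the packet

    def rotate(self):
        self.table = DigestTable()    # window over: old digests are gone

def traceback(routers, packet):
    """Victim's query: which routers recorded this exact packet?"""
    return [r.name for r in routers if packet in r.table]

def demo():
    routers = {n: Router(n) for n in ("R1", "R2", "R3", "R4", "R5")}
    attack = b"constructed attack packet: spoofed src, dst=victim"
    benign = b"constructed benign packet: dst=victim"
    for hop in ("R1", "R3", "R5"):    # path taken by the attack packet
        routers[hop].forward(attack)
    for hop in ("R2", "R3", "R5"):    # path taken by unrelated traffic
        routers[hop].forward(benign)
    during = traceback(routers.values(), attack)
    for r in routers.values():
        r.rotate()                    # the query now arrives too late
    after = traceback(routers.values(), attack)
    return during, after
```

`demo()` returns the path found while the digests are still held and the empty result once the tables have been rotated, which is the limitation described in the paragraph above.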

IV. Proposal for stopping attack using crypto puzzles

This proposal is based on the principle that a client requesting services should exhaust its own resources before the server exhausts its own resources [8].

This principle of preventing the attacks became very well known and was considered a good breakthrough in the field of using game theory.

A. Working Principle

When a server comes under attack it distributes cryptographic puzzles to all the hosts requiring services from the server. By doing this, though we are utilizing the server's computational resources, we are using more of the resources of the host computer that is demanding or requiring services.

The cryptographic puzzles are distributed from the server itself to the hosts demanding service, and they have many subdivisions based on difficulty and on time, which guarantees legitimate users service while the attacker is kept at bay, as the attacker is lost on how to resolve the puzzle.

The method succeeds in many ways, and recent studies have shown it to be effective, with a proven success rate of almost more than eighty percent in reducing utilization on routers and more than seventy percent in reducing utilization on individual hosts and servers. This is credited to the fact that, once the puzzles are released, the users who solve them are given rights or services on the server, while the attackers who are not able to solve the puzzles are not given any service, rendering the attack ineffective.
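The puzzle exchange described above, as an added example that is not the paper's code: it assumes one common construction, a partial hash preimage, where the client must find a counter whose SHA-256 with the challenge has `bits` leading zero bits. The function names, the HMAC-based challenge and the 30-second lifetime are assumptions made for the illustration.

```python
import hashlib, hmac, os, time

SERVER_KEY = os.urandom(32)   # per-server secret, so no per-client state is kept

def issue(client_id, bits, now=None):
    """Server: one HMAC, nothing stored. Returns the challenge for the client."""
    ts = int(time.time() if now is None else now)
    msg = f"{client_id}|{ts}|{bits}".encode()
    tag = hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()
    return {"ts": ts, "bits": bits, "tag": tag}

def _leading_zero_bits(digest):
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def solve(ch):
    """Client: brute-force a counter; expected cost is about 2**bits hashes."""
    x = 0
    while True:
        d = hashlib.sha256(f"{ch['tag']}|{x}".encode()).digest()
        if _leading_zero_bits(d) >= ch["bits"]:
            return x
        x += 1

def verify(ch, x, client_id, max_age=30, now=None):
    """Server: recompute the HMAC, check freshness, then a single hash."""
    now = time.time() if now is None else now
    msg = f"{client_id}|{ch['ts']}|{ch['bits']}".encode()
    expected = hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, ch["tag"]):
        return False              # forged, altered, or issued to another client
    if now - ch["ts"] > max_age:
        return False              # the time limit on the puzzle has passed
    d = hashlib.sha256(f"{ch['tag']}|{x}".encode()).digest()
    return _leading_zero_bits(d) >= ch["bits"]

if __name__ == "__main__":
    ch = issue("198.51.100.7", bits=12)          # constructed client address
    print(verify(ch, solve(ch), "198.51.100.7"))
```

Raising `bits` by one doubles the client's expected work while the server's cost stays at one HMAC and one hash; rejecting a replayed solution within the lifetime would need server-side state and is left out here.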

B. Disadvantages and why didn't it work?

The method, though a brilliant one, was still susceptible to the attacker spoofing the IP address of the host itself, and was not an ironclad solution. The attacker could take over the zombie/slave computer and use its computational power to solve the cryptographic puzzle.

Yet another disadvantage or hurdle was that the cryptographic puzzle technique was only triggered in the event of an active attack; if the attacker, as in the reflector technique, did a "divide and rule", dividing the army and attacking the system, the server would continue operation as usual and the system would eventually break down.

One of the foremost disadvantages was that the system could be turned on itself: the server could exhaust all its resources generating and routing cryptographic puzzles to all those requesting access as a prerequisite, hence causing a legitimate shutdown of itself.

V. Conclusions

In this paper, keeping its scope and reach in mind, only a few of the many methods of trace back have been discussed, but the ultimate result is the knowledge that, even with the ongoing research, a silver bullet or panacea for this form of attack is yet to be discovered.

By the end of this paper I recommend that keeping the advantages and disadvantages of various methods in mind, it's better to have a holistic approach and implement a system with a multitude of options built on it and using various met

Having a combative system also adds to the overhead and to the massive security costs that any institution will have to bear to provide security for itself. Hence I conclude this paper by saying that "Prevention is better than cure".

References

  • [1] Tom Spring (2006, June 20). "Spam Slayer: Slaying Spam-Spewing Zombie PCs," PC World. [Online].
  • [2] NIST CSRC SP 800-94 (2007, February). "Guide to Intrusion Detection and Prevention Systems (IDPS)".
  • [3] Symantec (2003, February 27). [Online]. Available: http://www.symantec.com/connect/articles/intrusion-prevention-systems-next-step-evolution-ids
  • [4] S. Bellovin (2000, March). "ICMP Traceback Messages". [Online]. Available: http://www.research.att.com/smb/papers/draft-bellovin-itrace-00.txt
  • [5] A. Snoeren, C. Partridge, L. Sanchez, W. Strayer, C. Jones and F. Tchakountio (2001, August). "Hash-Based IP Traceback," Proc. ACM/SIGCOMM.
  • [6] S. Savage, D. Wetherall, A. Karlin and T. Anderson (2000, August). "Practical Network Support for IP Traceback," Proc. ACM/SIGCOMM, pp. 295-306.
  • [7] Vern Paxson. "An Analysis of Using Reflectors for Distributed Denial-of-Service Attacks," AT&T Center for Internet Research at ICSI, International Computer Science Institute, Berkeley, CA, USA.
  • [8] T. Aura, P. Nikander and J. Leiwo (2000, April). "DOS-Resistant Authentication with Client Puzzles," Cambridge Security Protocols Workshop.