10-06-2017, 06:54 AM
thanks Mohit Jain
nice report , a good tech stuff
i am going to repost Introduction of above report to get idea of report before downloading
Introduction
Overview Denial of service attacks have become a growing problem over the last few years resulting in large losses for the victims . One good example of this loss is the attacks of Yahoo, CNN, and Amazon in February of 2000 which had an estimated loss of several million to over a billion dollars . This report will go over the fundamentals of denial of service attacks, how they can be detected, and some of the most common ways of mitigating the damage they can inflict upon their victims. Distributed Denial of Service (DDoS) attacks are a virulent, relatively new type of attack on the availability of Internet services and resources. DDoS attackers infiltrate large numbers of computers by exploiting software vulnerabilities, to set up DDoS attack networks. These unwitting computers are then invoked to wage a coordinated, large-scale attack against one or more victim systems. As specific countermeasures are developed, attackers enhance existing DDoS attack tools, developing new and derivative DDoS techniques and attack tools. Rather than react to new attacks with specific countermeasures, it would be desirable to develop comprehensive DDoS solutions that defend against known and future DDoS attack variants. However, this requires a comprehensive understanding of the scope and techniques used in different DDoS attacks.
Denial of Service Attacks
Denial of service attacks come in an almost endless variety of forms but have the core similarity of their purpose. This purpose is to deny legitimate use of the services provided by their victim . This is achieved by exhausting the systems resources such as bandwidth, and memory . Unfortunately due to the limited nature of resources on the internet and the end to end focus of the networks design this is fairly easily achieved . There are several different main kinds of methods that attackers use. The most straight forward method is sending a stream of packets to the victim to use all of the systems resources which is known as flooding [1]. Another common method is to send a smaller number of altered packets to confuse the protocol or application . The most prevalent form of denial of service attack is the TCP/SYN Flooding method which makes up 90% of all denial of service attacks . This attack takes advantage of the three way handshake procedure that the TCP protocol uses . Normally the procedure goes something like the Page 1 following. The client sends a SYN message to let the server know the client wants to connect. Then the server sends a SYN/ACK message back letting the client know that it received the client s SYN message and is reserving resources for it. Finally the client sends the server an ACK message to complete the connection .In a TCP/SYN flooding attack the misbehaving client or clients sends a flood of SYN messages to the server with spoofed IP s (fake IP info) but never respond to the SYN/ACK message the server responds with (to the spoofed IP s). This results in the server holding half open connections and reserving resources for each fraudulent SYN message eventually consuming them all. Now that the basic nature of a denial of service extent has been explained we will go into distributed denial of service attacks.