| |
| |
Foreword | |
| |
| |
Acknowledgments | |
| |
| |
About the Authors | |
| |
| |
| |
Introduction | |
| |
| |
DoS and DDoS | |
| |
| |
Why Should We Care? | |
| |
| |
What Is This Book? | |
| |
| |
Who Is This Book For? | |
| |
| |
What Can This Book Help You Do? | |
| |
| |
Outline of the Remaining Chapters | |
| |
| |
| |
Understanding Denial of Service | |
| |
| |
The Ulterior Motive | |
| |
| |
Meet the Attackers | |
| |
| |
Behind the Scenes | |
| |
| |
Distribution Effects | |
| |
| |
DDoS: Hype or Reality? | |
| |
| |
How Vulnerable Are You to DDoS? | |
| |
| |
| |
History of DoS and DDoS | |
| |
| |
Motivation | |
| |
| |
Design Principles of the Internet | |
| |
| |
DoS and DDoS Evolution | |
| |
| |
| |
How Attacks Are Waged | |
| |
| |
Recruitment of the Agent Network | |
| |
| |
Controlling the DDoS Agent Network | |
| |
| |
Semantic Levels of DDoS Attacks | |
| |
| |
Attack Toolkits | |
| |
| |
What Is IP Spoofing? | |
| |
| |
DDoS Attack Trends | |
| |
| |
| |
An Overview of DDoS Defenses | |
| |
| |
Why DDoS Is a Hard Problem | |
| |
| |
DDoS Defense Challenges | |
| |
| |
Prevention versus Protection and Reaction | |
| |
| |
DDoS Defense Goals | |
| |
| |
DDoS Defense Locations | |
| |
| |
Defense Approaches | |
| |
| |
| |
Detailed Defense Approaches | |
| |
| |
Thinking about Defenses | |
| |
| |
General Strategy for DDoS Defense | |
| |
| |
Preparing to Handle a DDoS Attack | |
| |
| |
Handling an Ongoing DDoS Attack as a Target | |
| |
| |
Handling an Ongoing DDoS Attack as a Source | |
| |
| |
Agreements/Understandings with Your ISP | |
| |
| |
Analyzing DDoS Tools | |
| |
| |
| |
Survey of Research Defense Approaches | |
| |
| |
Pushback | |
| |
| |
Traceback | |
| |
| |
D-WARD | |
| |
| |
NetBouncer | |
| |
| |
Secure Overlay Services (SOS) | |
| |
| |
Proof of Work | |
| |
| |
DefCOM | |
| |
| |
COSSACK | |
| |
| |
Pi | |
| |
| |
SIFF: An End-Host Capability Mechanism to Mitigate DDoS Flooding Attacks | |
| |
| |
Hop-Count Filtering (HCF) | |
| |
| |
Locality and Entropy Principles | |
| |
| |
An Empirical Analysis of Target-Resident DoS Filters | |
| |
| |
Research Prognosis | |
| |
| |
| |
Legal Issues | |
| |
| |
Basics of the U.S. Legal System | |
| |
| |
Laws That May Apply to DDoS Attacks | |
| |
| |
Who Are the Victims of DDoS? | |
| |
| |
How Often Is Legal Assistance Sought in DDoS Cases? | |
| |
| |
Initiating Legal Proceedings as a Victim of DDoS | |
| |
| |
Evidence Collection and Incident Response Procedures | |
| |
| |
Estimating Damages | |
| |
| |
Jurisdictional Issues | |
| |
| |
Domestic Legal Issues | |
| |
| |
International Legal Issues | |
| |
| |
Self-Help Options | |
| |
| |
A Few Words on Ethics | |
| |
| |
Current Trends in International Cyber Law | |
| |
| |
| |
Conclusions | |
| |
| |
Prognosis for DDoS | |
| |
| |
Social, Moral, and Legal Issues | |
| |
| |
Resources for Learning More | |
| |
| |
Conclusion | |
| |
| |
| |
Glossary | |
| |
| |
| |
Survey of Commercial Defense Approaches | |
| |
| |
Mazu Enforcer by Mazu Networks | |
| |
| |
Peakflow by Arbor Networks | |
| |
| |
WS Series Appliances by Webscreen Technologies | |
| |
| |
Captus IPS by Captus Networks | |
| |
| |
MANAnet Shield by CS3 | |
| |
| |
Cisco Traffic Anomaly Detector XT and Cisco Guard XT | |
| |
| |
StealthWatch by Lancope | |
| |
| |
Summary | |
| |
| |
| |
DDoS Data | |
| |
| |
2004 CSI/FBI Computer Crime and Security Survey | |
| |
| |
Inferring Internet Denial-of-Service Activity | |
| |
| |
A Framework for Classifying Denial-of-Service Attacks | |
| |
| |
Observations and Experiences Tracking Denial-of-Service Attacks across a Regional ISP | |
| |
| |
Report on the DDoS Attack on the DNS Root Servers | |
| |
| |
Conclusion | |
| |
| |
References | |
| |
| |
Index | |