| |
| |
| Foreword | |
| |
| |
| Acknowledgments | |
| |
| |
| About the Authors | |
| |
| |
| |
| Introduction | |
| |
| |
| DoS and DdoS | |
| |
| |
| Why Should We Care? | |
| |
| |
| What Is This Book? | |
| |
| |
| Who Is This Book For? | |
| |
| |
| What Can This Book Help You Do? | |
| |
| |
| Outline of the Remaining | |
| |
| |
| Chapters | |
| |
| |
| |
| Understanding Denial of Service | |
| |
| |
| The Ulterior Motive | |
| |
| |
| Meet the Attackers | |
| |
| |
| Behind the Scenes | |
| |
| |
| Distribution Effects | |
| |
| |
| DDoS: Hype or Reality? | |
| |
| |
| How Vulnerable Are You to DDoS? | |
| |
| |
| |
| History of DoS and DDoS | |
| |
| |
| Motivation | |
| |
| |
| Design Principles of the Internet | |
| |
| |
| DoS and DDoS Evolution | |
| |
| |
| |
| How Attacks Are Waged | |
| |
| |
| Recruitment of the Agent Network | |
| |
| |
| Controlling the DDoS Agent Network | |
| |
| |
| Semantic Levels of DDoS Attacks | |
| |
| |
| Attack Toolkits | |
| |
| |
| What Is IP Spoofing? | |
| |
| |
| DDoS Attack Trends | |
| |
| |
| |
| An Overview of DDoS Defenses | |
| |
| |
| Why DDoS Is a Hard Problem | |
| |
| |
| DDoS Defense Challenges | |
| |
| |
| Prevention versus Protection and Reaction | |
| |
| |
| DDoS Defense Goals | |
| |
| |
| DDoS Defense Locations | |
| |
| |
| Defense Approaches | |
| |
| |
| |
| Detailed Defense Approaches | |
| |
| |
| Thinking about Defenses | |
| |
| |
| General Strategy for DDoS Defense | |
| |
| |
| Preparing to Handle a DDoS Attack | |
| |
| |
| Handling an Ongoing DDoS Attack as a Target | |
| |
| |
| Handling an Ongoing DDoS Attack as a Source | |
| |
| |
| Agreements/Understandings with Your ISP | |
| |
| |
| Analyzing DDoS tools | |
| |
| |
| |
| Survey of Research Defense Approaches | |
| |
| |
| Pushback | |
| |
| |
| Traceback | |
| |
| |
| D-WARD | |
| |
| |
| NetBouncer | |
| |
| |
| Secure Overlay Services (SOS) | |
| |
| |
| Proof of Work | |
| |
| |
| DefCOM | |
| |
| |
| COSSACK | |
| |
| |
| Pi | |
| |
| |
| SIFF: An End-Host Capability Mechanism to Mitigate DDoS Flooding Attacks | |
| |
| |
| Hop-Count Filtering (HCF) | |
| |
| |
| Locality and Entropy Principles | |
| |
| |
| An Empirical Analysis of Target-Resident DoS Filters | |
| |
| |
| Research Prognosis | |
| |
| |
| |
| Legal Issues | |
| |
| |
| Basics of the U.S. Legal System | |
| |
| |
| Laws That May Apply to DDoS Attacks | |
| |
| |
| Who Are the Victims of DDoS? | |
| |
| |
| How Often Is Legal Assistance Sought in DDoS Cases? | |
| |
| |
| Initiating Legal Proceedings as a Victim of DdoS | |
| |
| |
| Evidence Collection and Incident Response Procedures | |
| |
| |
| Estimating Damages | |
| |
| |
| Jurisdictional Issues | |
| |
| |
| Domestic Legal Issues | |
| |
| |
| International Legal Issues | |
| |
| |
| Self-Help Options | |
| |
| |
| A Few Words on Ethics | |
| |
| |
| Current Trends in International Cyber Law | |
| |
| |
| |
| Conclusions | |
| |
| |
| Prognosis for DdoS | |
| |
| |
| Social, Moral, and Legal Issues | |
| |
| |
| Resources for Learning More | |
| |
| |
| Conclusion | |
| |
| |
| |
| Glossary | |
| |
| |
| |
| Survey of Commercial Defense Approaches | |
| |
| |
| Mazu Enforcer by Mazu Networks | |
| |
| |
| Peakflow by Arbor Networks | |
| |
| |
| WS Series Appliances by Webscreen Technologies | |
| |
| |
| Captus IPS by Captus Networks | |
| |
| |
| MANAnet Shield by CS3 | |
| |
| |
| Cisco Traffic Anomaly Detector XT and Cisco Guard XT | |
| |
| |
| StealthWatch by Lancope | |
| |
| |
| Summary | |
| |
| |
| |
| DDoS Data | |
| |
| |
| 2004 CSI/FBI Computer Crime and Security Survey | |
| |
| |
| Inferring Internet Denial-of-Service Activity | |
| |
| |
| A Framework for Classifying Denial-of- Service Attacks | |
| |
| |
| Observations and Experiences Tracking Denial-of-Service Attacks across a Regional ISP | |
| |
| |
| Report on the DDoS Attack on the DNS Root Servers | |
| |
| |
| Conclusion | |
| |
| |
| References | |
| |
| |
| Index | |