Network Security
Note: This is an historic document. We are no longer maintaining the content, but it may have value for research purposes. Pages linked to from the document may no longer be available.
Trends in Denial of Service
Attack Technology
CERT® Coordination Center
Kevin J. Houle, CERT/CC
George M. Weaver, CERT/CC
In collaboration with:
Neil Long
Rob Thomas
v1.0
October 2001
CERT and CERT Coordination Center are registered in the U.S. Patent and Trademark Office.
Copyright 2001 Carnegie Mellon University
1
Abstract
In November of 1999, the CERT® Coordination Center (CERT/CC) sponsored the Distributed Systems Intruder Tools (DSIT) Workshop where a group of security experts outlined the emerging threat of distributed denial of service
(DDoS) attack technology. Since then, denial of service (DoS) attack technology has continued to evolve and continues to be used to attack and impact Internet infrastructures. Advances in intruder automation techniques have led to a steady stream of new self-propagating worms in 2001, some of which have been used to deploy DoS attack technology. Windows end-users and Internet routing technology have both become more frequent targets of intruder activity. The control mechanisms for
DDoS attack networks are changing to make greater use of Internet Relay Chat
(IRC) technology. The impacts of DoS attacks are causing greater collateral damage, and widespread automated propagation itself has become a vehicle for causing denial of service.
While DoS attack technology continues to evolve, the circumstances enabling attacks have not significantly changed in recent years. DoS attacks remain a serious threat to the users, organizations, and infrastructures of the Internet.
The goal of this paper is to highlight recent trends in the deployment, use, and impact of DoS attack technology based on intruder activity and attack tools reported to and analyzed by the CERT/CC. This paper does not propose solutions, but rather aims to serve as a catalyst to
Trends in Denial of Service
Attack Technology
CERT® Coordination Center
Kevin J. Houle, CERT/CC
George M. Weaver, CERT/CC
In collaboration with:
Neil Long
Rob Thomas
v1.0
October 2001
CERT and CERT Coordination Center are registered in the U.S. Patent and Trademark Office.
Copyright 2001 Carnegie Mellon University
1
Abstract
In November of 1999, the CERT® Coordination Center (CERT/CC) sponsored the Distributed Systems Intruder Tools (DSIT) Workshop where a group of security experts outlined the emerging threat of distributed denial of service
(DDoS) attack technology. Since then, denial of service (DoS) attack technology has continued to evolve and continues to be used to attack and impact Internet infrastructures. Advances in intruder automation techniques have led to a steady stream of new self-propagating worms in 2001, some of which have been used to deploy DoS attack technology. Windows end-users and Internet routing technology have both become more frequent targets of intruder activity. The control mechanisms for
DDoS attack networks are changing to make greater use of Internet Relay Chat
(IRC) technology. The impacts of DoS attacks are causing greater collateral damage, and widespread automated propagation itself has become a vehicle for causing denial of service.
While DoS attack technology continues to evolve, the circumstances enabling attacks have not significantly changed in recent years. DoS attacks remain a serious threat to the users, organizations, and infrastructures of the Internet.
The goal of this paper is to highlight recent trends in the deployment, use, and impact of DoS attack technology based on intruder activity and attack tools reported to and analyzed by the CERT/CC. This paper does not propose solutions, but rather aims to serve as a catalyst to