LISA 2000 Abstract
Analyzing Distributed Denial Of Service Tools: The Shaft Case
Sven Dietrich, NASA Goddard Space Flight Center;
Neil Long, Oxford University; and
David Dittrich, University of Washington
Abstract
In this paper we present an analysis of Shaft, an example of
malware used in distributed denial of service (DDoS) attacks.
This relatively recent occurrence combines well-known denial of
service attacks (such as TCP SYN flood, smurf, and UDP flood) with a
distributed and coordinated approach to create a powerful program,
capable of slowing network communications to a grinding halt.
Denial of service attack programs, root kits, and network
sniffers have been around in the computer underground for a
very long time. They have not gained nearly the same level of
attention by the general public as did the Morris Internet Worm
of 1988, but have slowly progressed in their development. As more and
more systems have come to be required for business, research,
education, the basic functioning of government, and now entertainment
and commerce from people's homes, the increasingly large number of
vulnerable systems has converged with the development of these tools
to create a situation that resulted in distributed denial of service
attacks that took down the largest e-commerce and media sites on the
Internet.
In contrast, we provide a comparative analysis of several
distributed denial of service tools (e.g., Trinoo, TFN, Stacheldraht,
and Mstream) and look at emerging countermeasures against some of these
tools. We look at practical examples of these techniques, provide some
examples from test environments and finally talk about future trends
of these distributed tools.