Internet Denial of Service: Attack and Defense Mechanisms [Paperback]

Jelena Mirkovic (Author), Sven Dietrich (Author), David Dittrich (Author), Peter Reiher (Author)

Book Description

Publication Date: January 9, 2005 | ISBN-10: 0131475738 | ISBN-13: 978-0131475731

Suddenly your Web server becomes unavailable. When you investigate, you realize that a flood of packets is surging into your network. You have just become one of the hundreds of thousands of victims of a denial-of-service attack, a pervasive and growing threat to the Internet. What do you do?

Internet Denial of Service sheds light on a complex and fascinating form of computer attack that impacts the confidentiality, integrity, and availability of millions of computers worldwide. It tells the network administrator, corporate CTO, incident responder, and student how DDoS attacks are prepared and executed, how to think about DDoS, and how to arrange computer and network defenses. It also provides a suite of actions that can be taken before, during, and after an attack.

Inside, you'll find comprehensive information on the following topics

• How denial-of-service attacks are waged
• How to improve your network's resilience to denial-of-service attacks
• What to do when you are involved in a denial-of-service attack
• The laws that apply to these attacks and their implications
• How often denial-of-service attacks occur, how strong they are, and the kinds of damage they can cause
• Real examples of denial-of-service attacks as experienced by the attacker, victim, and unwitting accomplices

The authors' extensive experience in handling denial-of-service attacks and researching defense approaches is laid out clearly in practical, detailed terms.

Editorial Reviews

From the Back Cover

Suddenly your Web server becomes unavailable. When you investigate, you realize that a flood of packets is surging into your network. You have just become one of the hundreds of thousands of victims of a denial-of-service attack, a pervasive and growing threat to the Internet. What do you do?

Internet Denial of Service sheds light on a complex and fascinating form of computer attack that impacts the confidentiality, integrity, and availability of millions of computers worldwide. It tells the network administrator, corporate CTO, incident responder, and student how DDoS attacks are prepared and executed, how to think about DDoS, and how to arrange computer and network defenses. It also provides a suite of actions that can be taken before, during, and after an attack.

Inside, you'll find comprehensive information on the following topics

• How denial-of-service attacks are waged
• How to improve your network's resilience to denial-of-service attacks
• What to do when you are involved in a denial-of-service attack
• The laws that apply to these attacks and their implications
• How often denial-of-service attacks occur, how strong they are, and the kinds of damage they can cause
• Real examples of denial-of-service attacks as experienced by the attacker, victim, and unwitting accomplices

The authors' extensive experience in handling denial-of-service attacks and researching defense approaches is laid out clearly in practical, detailed terms.

About the Author

Jelena Mirkovic has been an assistant professor at the University of Delaware since 2003. She holds a Ph.D. in computer science from the University of California, Los Angeles, where she developed effective defenses against distributed denial-of-service attacks.

Sven Dietrich is a member of the technical staff at the CERT Coordination Center, part of the Software Engineering Institute at Carnegie Mellon University, and is affiliated with Carnegie Mellon CyLab, a university-wide cyber security research and education initiative. He has worked and published on DDoS since 1999.

David Dittrich is a senior security engineer at the University of Washington™s Center for Information Assurance and Cybersecurity and a founding member of the Honeynet Project. He published the first detailed technical analyses of DDoS tools in 1999, and maintains the largest Web page on the subject.

Peter Reiher is an adjunct associate professor at the University of California, Los Angeles. His research includes defenses against denial-of-service attacks.

See all Editorial Reviews

Product Details

• Paperback: 400 pages
• Publisher: Prentice Hall (January 9, 2005)
• Language: English
• ISBN-10: 0131475738
• ISBN-13: 978-0131475731
• Product Dimensions: 9.2 x 7 x 0.9 inches
• Shipping Weight: 1.7 pounds (View shipping rates and policies)
• Average Customer Review: 4.2 out of 5 stars  See all reviews (4 customer reviews)
• Amazon Best Sellers Rank: #1,222,224 in Books (See Top 100 in Books)

More About the Author

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

Most Helpful Customer Reviews

12 of 14 people found the following review helpful:

3.0 out of 5 stars Everything one needs to know about DDOS, January 25, 2005

By 

Stephen Northcutt (Kauai, HI USA) - See all my reviews
(REAL NAME)   

This review is from: Internet Denial of Service: Attack and Defense Mechanisms (Paperback)

Internet Denial of Service

I certainly enjoyed reading this book, in fact I started looking at it during the work day and couldn't wait for everyone to leave at quitting time so I could finish it. It seems to have a bit of trouble finding its niche, most of the time it has the feel of a research paper, but from time to time there are amazingly practical tidbits. If you are looking for a how to stop denial of service, step by step, buy the cup of coffee from Borders and leaf through the book and make your decision carefully. If you are a researcher in the USA interested in Internet protocols and US law and response, this is a must read, must have. If you are truly seeking to understand what zombie style distributed denial of service is and is capable of, buy the book and read it three times. My response team worked closely with one of the authors, David Dittrich from 1999 - 2001 and if there is a "been there, done that" individual when it comes to malicious code, he would be that person.

This is not a book for a novice, but if you know your way around a network and know a bit about routing, there are a number of helpful illustrations and code segments that drive the points home.

I realize I gave the book three stars even though I liked it a lot and that is primarily because the book is much weaker in the two final chapters, 8 and 9. You just can't throw issues like law, ethics, jurisdiction, evidence collection, and estimation of damages on the table, write a couple paragraphs and zoom on, someone could get hurt. For the right reader, this can be a wonderful resource.

10 of 12 people found the following review helpful:

5.0 out of 5 stars Unique, thorough, and informative -- a must-read, February 7, 2005

By 

Richard Bejtlich "TaoSecurity" (Metro Washington, DC) - See all my reviews
(REAL NAME)   

This review is from: Internet Denial of Service: Attack and Defense Mechanisms (Paperback)

'Internet Denial of Service' (IDOS) is an excellent book by expert authors. IDOS combines sound advice with a fairly complete examination of the denial of service (DoS) problem set. Although the authors write from the DoS point of view, as a network security monitoring advocate I found myself agreeing with many of their insights. Since there are no other books dedicated to DoS, I was very pleased to find this one is a powerful resource for managers and technicians alike.

IDOS features some of the best minds on DoS research available. Everyone has heard of Dave Dittrich, but I found the work of lead author Jelena Mirkovic to be particularly valuable. Peter Reiher and long-time DoS researcher Sven Dietrich also give the project considerable weight. All four authors work for or with universities, and IDOS reflects this academic connection by frequently citing papers and DoS research. For example, chapter 7 describe DoS mitigation approaches and Appendix C examines the best available data on DoS techniques. I would encourage other authors to make similar references to the academic community and not write in a literary vacuum.

By making references to outside works, IDOS successfully avoids repeating material published elsewhere. Chapter 6 was probably my favorite section, including much distilled wisdom and advice on responding to DoS attacks. I welcomed the authors' frequent recommendations to collect session and full content data. It is often impossible to detect and respond to attacks without this sort of network-based evidence. This point is often lost on vendors or consultants who lack experience performing incident response.

I had minor problems with the book. First, I would have liked more technical detail in chapter 6. For example, it would have been nice to see examples of system metrics from nodes or routers under DoS attack. Specific advice on host tuning techniques would also have been useful, e.g., make changes X, Y, or Z on FreeBSD or Cisco IOS to better resist DoS conditions. I was also slightly disappointed the authors did not base their discussions of commercial products in Appendix B on hands-on evaluations. I understand the problem with meeting this objective, however.

I did not have any problems with the legal or concluding chapters (8 & 9). I think the earlier three-star reviewer found himself on the wrong side of the 1999 "RST scan" controversy discussed on p. 52 and may not have been happy by the (correct) stance taken by IDOS.

I highly recommend every security professional read IDOS. It's a convenient and illuminating discussion of a problem that will never disappear. This book will prepare you to do battle with DoS attacks, and for that I am thankful.

10 of 12 people found the following review helpful:

5.0 out of 5 stars DDoS is an unsolved problem, January 23, 2005

By 

W Boudville (Terra, Sol 3) - See all my reviews
(VINE VOICE)    (TOP 1000 REVIEWER)    (HALL OF FAME REVIEWER)    (REAL NAME)   

This review is from: Internet Denial of Service: Attack and Defense Mechanisms (Paperback)

Your take on this book really depends on where you are sitting. The authors lucidly describe what a Denial of Service attack is. More to the point, the book then goes into an explanation of its more dangerous variant - the Distributed Denial of Service [DDoS] attack. The book is really about the latter; not the simple DoS. We see how DDoS evolved rapidly from 1999 to 2005, with the number of computers hijacked to become agents for an attack expanding from hundreds to over a hundred thousand. And how it no longer seems to be done by joyriding hackers just seeking a thrill. Now, it may actually be a business; a major branch of malware.

You should have a reasonable background in understanding TCP/IP, to appreciate the book's technical discussions. For example, if you see mention of the TTL field in a header, you should already know what it means.

The book explains several postulated countermeasures to DDoS. Nifty ideas like traceback and pushback. Or perhaps doing an entropy count of good and bad packets, to help distinguish between them. The problem is that none of these are truly effective. DDoS is an unsolved problem. So if you are a cracker, this is good news. Not so for sysadmins.

But there is something else. Perhaps DDoS is fundamentally insolvable, under the current IPv4 and current router capabilities. But maybe this field is still young. What is a problem for many could be a chance for you, as a researcher or inventor.