Low Rate DoS Attack to Monoprocess Servers

  • Conference paper
Security in Pervasive Computing (SPC 2006)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 3934)

Abstract

In this work, we present a vulnerability in monoprocess or monothreaded servers that allows the execution of DoS attacks with the peculiarity that they are generated by low rate traffic. This feature makes the attack less vulnerable to detection by current IDS systems, which usually expect high rate traffic. The intruder can take advantage of some knowledge about the inter-output times in the server to build the attack. We have simulated and tested it in a real environment, obtaining worrying conclusions due to the efficiency achieved by the attack, with low effort from the attacker.

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Maciá-Fernández, G., Díaz-Verdejo, J.E., García-Teodoro, P. (2006). Low Rate DoS Attack to Monoprocess Servers. In: Clark, J.A., Paige, R.F., Polack, F.A.C., Brooke, P.J. (eds) Security in Pervasive Computing. SPC 2006. Lecture Notes in Computer Science, vol 3934. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11734666_5

  • DOI: https://doi.org/10.1007/11734666_5

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-33376-0

  • Online ISBN: 978-3-540-33377-7

  • eBook Packages: Computer Science (R0)
